Description
Docling Core defines core data types and transformations for the document processing application Docling. In versions 2.5.0 and above, prior to 2.74.1, docling-core could allow local file:// image references and accepted inline data: content without a decoded-size limit. In applications that accept untrusted image references, this may allow access to local files readable by the process or excessive memory use from large inline payloads. This issue has been fixed in version 2.74.1.
No analysis available yet.
Remediation
No remediation available yet.
Tracking
Sign in to view the affected projects.
Advisories
| Source | ID | Title |
|---|---|---|
Github GHSA |
GHSA-j5xp-7m2f-49jv | Docling Core: Insufficient validation of image reference URIs |
References
History
Thu, 16 Jul 2026 22:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Docling-project
Docling-project docling-core |
|
| Vendors & Products |
Docling-project
Docling-project docling-core |
Thu, 16 Jul 2026 21:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | Docling Core defines core data types and transformations for the document processing application Docling. In versions 2.5.0 and above, prior to 2.74.1, docling-core could allow local file:// image references and accepted inline data: content without a decoded-size limit. In applications that accept untrusted image references, this may allow access to local files readable by the process or excessive memory use from large inline payloads. This issue has been fixed in version 2.74.1. | |
| Title | Docling Core has insufficient validation of image reference URIs | |
| Weaknesses | CWE-400 CWE-73 |
|
| References |
| |
| Metrics |
cvssV3_1
|
Status: PUBLISHED
Assigner: GitHub_M
Published:
Updated: 2026-07-16T20:50:08.807Z
Reserved: 2026-05-04T21:24:36.506Z
Link: CVE-2026-44019
No data.
No data.
No data.
OpenCVE Enrichment
Updated: 2026-07-16T22:30:06Z
Github GHSA