Description
Docling simplifies document processing by parsing diverse formats and providing integrations with the generative AI ecosystem. From 2.13.0 until 2.74.0, the USPTO patent XML parser used the standard xml.sax.parseString() without protection against XML External Entity (XXE) attacks. An attacker could craft malicious USPTO patent XML files with external entity references that could read arbitrary files from the server filesystem, perform Server-Side Request Forgery (SSRF) attacks, or cause denial of service through entity expansion (Billion Laughs attack). The vulnerability affects three USPTO patent format parsers: ICE (v4.x), Grant v2.5, and Application v1.x. This vulnerability is fixed in 2.74.0.
Published: 2026-06-24
Score: 7.5 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability lies in Docling's use of the standard xml.sax.parseString() for parsing USPTO patent XML files between versions 2.13.0 and 2.73.x. Because external entity processing was not disabled, an attacker could craft malicious XML documents containing external entity references to read arbitrary files from the server, perform SSRF requests, or trigger a Billion Laughs attack that consumes resources and causes denial of service. The weakness is a classic XML External Entity flaw (CWE‑611, CWE‑776), allowing information disclosure, potential upstream HTTP requests, and denial of service.

Affected Systems

The affected product is the Docling open‑source document processing framework (docling‑project:docling) in the 2.13.0 up to 2.73.x releases. The issue is triggered when the USPTO patent XML parsers ICE (v4.x), Grant (v2.5) and Application (v1.x) are used. Any deployment exposing the USPTO patent backend that accepts XML uploads is impacted.

Risk and Exploitability

The CVSS score is 7.5, indicating substantial risk. The EPSS score is 0.00283, indicating a very low probability of exploitation, and the vulnerability is not listed in the CISA attack vector is likely external: an attacker who can supply a malicious USPTO patent XML file to the backend can trigger the XXE processing path. While the flaw does not directly lead to code execution, it yields read access to arbitrary file contents, the ability to cause SSRF to internal or external resources, and the potential for a denial of service through entity expansion. Consequently, the risk level is moderate to high, especially for publicly exposed USPTO patent ingestion services.

Generated by OpenCVE AI on June 26, 2026 at 01:52 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Docling to version 2.74.0 or later patent XML parser protects against external entities.
  • If an upgrade is not immediately possible, reconfigure the XML parsing logic to disallow external entity resolution (for example, disable DOCTYPE declarations or use a secure SAX parser that disallows XXE).
  • Validate the patch by processing a test XML payload containing an XXE entity and confirming that the parser rejects it or that no file reads or external requests occur.

Generated by OpenCVE AI on June 26, 2026 at 01:52 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Github GHSA Github GHSA GHSA-m88r-rg27-5xfg Docling: Unsafe XML Entity Expansion in USPTO Patent Backend
History

Fri, 26 Jun 2026 00:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-611
References
Metrics threat_severity

None

threat_severity

Important


Thu, 25 Jun 2026 17:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 25 Jun 2026 07:00:00 +0000

Type Values Removed Values Added
First Time appeared Docling-project
Docling-project docling
Vendors & Products Docling-project
Docling-project docling

Wed, 24 Jun 2026 18:00:00 +0000

Type Values Removed Values Added
Description Docling simplifies document processing by parsing diverse formats and providing integrations with the generative AI ecosystem. From 2.13.0 until 2.74.0, the USPTO patent XML parser used the standard xml.sax.parseString() without protection against XML External Entity (XXE) attacks. An attacker could craft malicious USPTO patent XML files with external entity references that could read arbitrary files from the server filesystem, perform Server-Side Request Forgery (SSRF) attacks, or cause denial of service through entity expansion (Billion Laughs attack). The vulnerability affects three USPTO patent format parsers: ICE (v4.x), Grant v2.5, and Application v1.x. This vulnerability is fixed in 2.74.0.
Title Docling: Unsafe XML Entity Expansion in USPTO Patent Backend
Weaknesses CWE-776
References
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}


Subscriptions

Docling-project Docling
cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-07-15T00:54:55.531Z

Reserved: 2026-05-04T21:24:36.506Z

Link: CVE-2026-44020

cve-icon Vulnrichment

Updated: 2026-06-30T03:19:04.523Z

cve-icon NVD

No data.

cve-icon Redhat

Severity : Important

Publid Date: 2026-06-24T17:45:46Z

Links: CVE-2026-44020 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-06-26T02:00:17Z

Weaknesses
  • CWE-611

    Improper Restriction of XML External Entity Reference

  • CWE-776

    Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')