Impact
The vulnerability lies in Docling's use of the standard xml.sax.parseString() for parsing USPTO patent XML files between versions 2.13.0 and 2.73.x. Because external entity processing was not disabled, an attacker could craft malicious XML documents containing external entity references to read arbitrary files from the server, perform SSRF requests, or trigger a Billion Laughs attack that consumes resources and causes denial of service. The weakness is a classic XML External Entity flaw (CWE‑611, CWE‑776), allowing information disclosure, potential upstream HTTP requests, and denial of service.
Affected Systems
The affected product is the Docling open‑source document processing framework (docling‑project:docling) in the 2.13.0 up to 2.73.x releases. The issue is triggered when the USPTO patent XML parsers ICE (v4.x), Grant (v2.5) and Application (v1.x) are used. Any deployment exposing the USPTO patent backend that accepts XML uploads is impacted.
Risk and Exploitability
The CVSS score is 7.5, indicating substantial risk. The EPSS score is 0.00283, indicating a very low probability of exploitation, and the vulnerability is not listed in the CISA attack vector is likely external: an attacker who can supply a malicious USPTO patent XML file to the backend can trigger the XXE processing path. While the flaw does not directly lead to code execution, it yields read access to arbitrary file contents, the ability to cause SSRF to internal or external resources, and the potential for a denial of service through entity expansion. Consequently, the risk level is moderate to high, especially for publicly exposed USPTO patent ingestion services.
OpenCVE Enrichment
Github GHSA