Description
Docling simplifies document processing by parsing diverse formats and providing integrations with the generative AI ecosystem. From 2.73.0 until 2.91.0, he LaTeX backend's handling of \includegraphics, \input, and \include commands lacked path containment validation. Attackers could craft malicious LaTeX documents with path traversal sequences to read arbitrary files from the file system accessible to the process, include sensitive files in the converted document output, or potentially access configuration files, credentials, or other sensitive data This vulnerability is fixed in 2.91.0.
Published: 2026-06-24
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A bug in Docling’s LaTeX backend allows attackers to embed path‑traversal sequences in \\includegraphics, \\input, or \\include commands. When a malicious LaTeX document is processed, the uninhibited path handling can direct the conversion engine to read and include files that the process can access, exposing configuration files, credentials, or other sensitive information. The flaw is not a denial‑of‑service or code‑execution issue but a direct leak of local files.

Affected Systems

The vulnerability affects the Docling product from the docling‑project. Versions 2.73.0 through 2.91.0 lack proper path containment checks. All installations running these releases that accept LaTeX documents from untrusted sources are impacted.

Risk and Exploitability

The CVSS score is 5.5, indicating a moderate risk. No EPSS score is available, and the vulnerability is not listed in CISA KEV. Attackers can trigger it by providing crafted LaTeX that specifies out‑of‑container file paths. The impact is limited to the file system accessible to the Docling process; successful exploitation requires the ability to submit or influence the LaTeX input. Given the moderate severity and lack of reported exploitation, the threat remains mainly theoretical but nonetheless significant for any environment that processes untrusted LaTeX.

Generated by OpenCVE AI on June 24, 2026 at 20:34 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to Docling 2.91.0 or later, which implements path containment checks for LaTeX commands.
  • If an upgrade is not feasible, restrict the directory from which LaTeX documents are accepted to a secure, read‑only location and block write permissions to other areas.
  • Run Docling in a sandboxed or containerized environment to limit file system access for any untrusted processing tasks.
  • Consider auditing the process’s file‑system access logs for unexpected reads by the Docling process.

Generated by OpenCVE AI on June 24, 2026 at 20:34 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Github GHSA Github GHSA GHSA-2j5p-7p5m-cvqr Docling: Potential Path Traversal via LaTeX \includegraphics and \input Commands
History

Mon, 29 Jun 2026 12:15:00 +0000

Type Values Removed Values Added
References
Metrics threat_severity

None

threat_severity

Moderate


Thu, 25 Jun 2026 14:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 25 Jun 2026 06:30:00 +0000

Type Values Removed Values Added
First Time appeared Docling-project
Docling-project docling
Vendors & Products Docling-project
Docling-project docling

Wed, 24 Jun 2026 18:00:00 +0000

Type Values Removed Values Added
Description Docling simplifies document processing by parsing diverse formats and providing integrations with the generative AI ecosystem. From 2.73.0 until 2.91.0, he LaTeX backend's handling of \includegraphics, \input, and \include commands lacked path containment validation. Attackers could craft malicious LaTeX documents with path traversal sequences to read arbitrary files from the file system accessible to the process, include sensitive files in the converted document output, or potentially access configuration files, credentials, or other sensitive data This vulnerability is fixed in 2.91.0.
Title Docling: Potential Path Traversal via LaTeX \includegraphics and \input Commands
Weaknesses CWE-22
References
Metrics cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N'}


Subscriptions

Docling-project Docling
cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-06-25T13:17:57.563Z

Reserved: 2026-05-04T21:24:36.506Z

Link: CVE-2026-44022

cve-icon Vulnrichment

Updated: 2026-06-25T13:17:53.842Z

cve-icon NVD

No data.

cve-icon Redhat

Severity : Moderate

Publid Date: 2026-06-24T17:47:25Z

Links: CVE-2026-44022 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-06-25T06:15:15Z

Weaknesses
  • CWE-22

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')