CVE-2026-31247
XML Entity Expansion DoS in Docling JATS XML Backend
Publication date: 2026-05-11
Last updated on: 2026-05-11
Assigner: MITRE
Description
CVSS Scores
EPSS Scores
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| docling_project | docling | 2.61.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN | |
AI Powered Q&A
Can you explain this vulnerability to me?
Docling's JATS XML backend, up to and including version 2.61.0, is vulnerable to an XML entity expansion denial of service. The backend parses input with etree.parse() without disabling entity resolution, so entities declared in a document's internal DTD subset are expanded exactly as written. This is an entity expansion issue rather than XML External Entity (XXE) injection: no external resource is fetched, and the cost comes entirely from expanding entities the document itself declares.
An attacker can craft an XML file whose internal DTD subset declares entities in layers, each referencing the previous one many times (an XML bomb, also known as billion laughs). Every layer multiplies the size of the one below it, so a file of under a kilobyte expands to gigabytes when the parser resolves a single reference in the body.
That memory and CPU exhaustion is a denial of service for the process running the Docling parser and for anything co-located with it.
How can this vulnerability impact me?
The primary impact of this vulnerability is a denial of service (DoS) condition on the system running Docling.
By exploiting the XML Entity Expansion vulnerability, an attacker can cause the system to consume excessive resources, potentially making the Docling service unavailable or severely degraded.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability is an entity expansion (XML bomb) issue in Docling's JATS XML backend, which calls etree.parse() without disabling entity resolution. There is no network signature to look for; detection happens at the file and at the process. At the file level, the indicator is a JATS document whose internal DTD subset carries many <!ENTITY> declarations whose values reference other entities; a quick triage over inbound documents is `grep -c '<!ENTITY' file.xml`, treating anything beyond a handful of declarations as suspect. At the process level, the symptom is a Docling worker whose memory and CPU climb sharply while converting a small XML input.
No vendor-supplied detection commands are provided in the available context or resources.
What immediate steps should I take to mitigate this vulnerability?
The vulnerability arises because Docling's XML parser does not disable entity resolution, so an XML bomb exhausts memory and CPU by resource exhaustion.
Immediate steps: do not feed untrusted JATS XML to Docling 2.61.0 or earlier; reject or quarantine input that declares entities in its internal DTD subset before it reaches the converter; and, if you control how the parser is constructed, build it with entity resolution disabled (for lxml that is `etree.XMLParser(resolve_entities=False)`). Update Docling once a release that addresses this issue is available; the available context names no fixed version and no patch.
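The following is an added example, not Docling's code and not the fix for this CVE. It implements the pre-parse triage suggested in the detection and mitigation answers above: it reads the internal DTD subset, walks the entity reference graph with memoisation, and estimates how many bytes the body's entity references would expand to, without ever performing the expansion. Only a file that fits an absolute budget and an amplification ratio is handed to the parser. The function names (`assess_xml`, `safe_parse`), the budget defaults (1 MB, ratio 10) and both sample documents are assumptions constructed for the example; the stdlib `xml.etree` parser stands in for the etree.parse() call the advisory refers to.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample input: a nested-entity "XML bomb" dressed up as a JATS
# article. Five levels of 10x fan-out expand the single &lol5; reference in
# the body to 100_000 copies of "lol" (300_000 bytes) from a ~600-byte file.
XML_BOMB = b"""<?xml version="1.0"?>
<!DOCTYPE article [
 <!ENTITY lol "lol">
 <!ENTITY lol1 "&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;">
 <!ENTITY lol2 "&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;">
 <!ENTITY lol3 "&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;">
 <!ENTITY lol4 "&lol3;&lol3;&lol3;&lol3;&lol3;&lol3;&lol3;&lol3;&lol3;&lol3;">
 <!ENTITY lol5 "&lol4;&lol4;&lol4;&lol4;&lol4;&lol4;&lol4;&lol4;&lol4;&lol4;">
]>
<article><front><article-title>&lol5;</article-title></front></article>
"""

# Constructed benign sample: one small internal-subset entity, the kind a
# publisher might declare for a name or a special character.
BENIGN_JATS = b"""<?xml version="1.0"?>
<!DOCTYPE article [
 <!ENTITY pub "Docling Project">
]>
<article><front><article-title>Report by &pub;</article-title></front></article>
"""

_DOCTYPE_RE = re.compile(rb"<!DOCTYPE[^\[>]*(?:\[(?P<subset>.*?)\]\s*)?>", re.S)
_ENTITY_RE = re.compile(
    rb"""<!ENTITY\s+(?P<name>[A-Za-z_][\w.\-]*)\s+(?:"(?P<dq>[^"]*)"|'(?P<sq>[^']*)')""", re.S)
_REF_RE = re.compile(rb"&([^;&\s]+);")


def internal_entities(xml_bytes):
    """Return ({entity name: literal value}, offset where the body starts).

    Only general entities with a literal value in the internal DTD subset are
    collected; parameter entities and SYSTEM/PUBLIC entities are left to the
    parser's own policy (this check is about expansion cost, not fetching).
    """
    m = _DOCTYPE_RE.search(xml_bytes)
    if m is None:
        return {}, 0
    subset = m.group("subset") or b""
    defs = {}
    for e in _ENTITY_RE.finditer(subset):
        defs[e.group("name")] = e.group("dq") if e.group("dq") is not None else e.group("sq")
    return defs, m.end()


def expanded_sizes(defs):
    """Fully expanded byte length of every declared entity, resolved through
    the reference graph with memoisation, so the work is linear in the number
    of declarations rather than in the size of the expanded output."""
    sizes = {}

    def size(name, stack):
        if name in sizes:
            return sizes[name]
        if name in stack:
            raise ValueError("recursive entity definition: %s" % name.decode())
        body = defs.get(name)
        if body is None:
            return 1  # predefined (&amp;) or character reference: about one byte
        total, pos = 0, 0
        for ref in _REF_RE.finditer(body):
            total += ref.start() - pos
            total += size(ref.group(1), stack + (name,))
            pos = ref.end()
        total += len(body) - pos
        sizes[name] = total
        return total

    for name in defs:
        size(name, ())
    return sizes


def assess_xml(xml_bytes, max_ratio=10.0, max_bytes=1_000_000):
    """Estimate the bytes the body's entity references expand to and compare
    against an absolute budget and an amplification ratio (both assumed)."""
    defs, body_start = internal_entities(xml_bytes)
    sizes = expanded_sizes(defs)
    expanded = sum(sizes.get(ref.group(1), 1)
                   for ref in _REF_RE.finditer(xml_bytes[body_start:]))
    ratio = expanded / max(len(xml_bytes), 1)
    return {
        "entities": len(defs),
        "expanded_bytes": expanded,
        "ratio": ratio,
        "safe": expanded <= max_bytes and ratio <= max_ratio,
    }


def safe_parse(xml_bytes, max_ratio=10.0, max_bytes=1_000_000):
    """Hand the document to the parser only after the budget check passes."""
    report = assess_xml(xml_bytes, max_ratio, max_bytes)
    if not report["safe"]:
        raise ValueError("rejected XML: %d entities expand to %d bytes (ratio %.1f)"
                         % (report["entities"], report["expanded_bytes"], report["ratio"]))
    return ET.fromstring(xml_bytes)


if __name__ == "__main__":
    print(assess_xml(XML_BOMB))
    print(safe_parse(BENIGN_JATS).findtext(".//article-title"))
```

Because the estimate never expands anything, the check is cheap enough to run at ingest on every inbound document before it reaches the converter. It is a triage gate, not a replacement for building the parser with entity resolution disabled: the thresholds are a policy choice, and a document that stays under them is still parsed with whatever limits the underlying XML library applies.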