CVE-2026-31248
Docling METS GBS Backend XML Entity Expansion DoS
Publication date: 2026-05-11
Last updated on: 2026-05-11
Assigner: MITRE
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| docling_project | docling | 2.61.0 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN | |
AI Powered Q&A
Can you explain this vulnerability to me?
Docling's METS GBS backend is vulnerable to XML Entity Expansion (XXE) attacks in versions up to 2.61.0. The vulnerability arises because the backend processes XML files extracted from .tar.gz archives using etree.fromstring() without disabling entity resolution.
An attacker can craft a malicious XML file containing nested entity definitions, often called an XML Bomb, and package it into a .tar.gz archive. When Docling processes this archive, the XML parser expands these entities exponentially, consuming excessive system resources.
This excessive resource consumption leads to a denial of service (DoS) condition on the system running the Docling parser.
How can this vulnerability impact me?
This vulnerability can cause a denial of service (DoS) on systems running the Docling METS GBS backend by exhausting system resources during XML parsing.
An attacker exploiting this vulnerability can disrupt normal operations by sending specially crafted XML files that trigger excessive CPU and memory usage, potentially making the service unavailable.
What immediate steps should I take to mitigate this vulnerability?
The vulnerability arises because Docling's METS GBS backend uses etree.fromstring() to parse XML files without disabling entity resolution, allowing XML Entity Expansion (XXE) attacks that cause denial of service through resource exhaustion.
To mitigate this vulnerability immediately, you should avoid processing untrusted or malicious .tar.gz archives containing XML files with Docling until a fix or update is available.
Additionally, consider implementing XML parsing configurations that disable entity resolution or use safer XML parsing libraries that prevent entity expansion.
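As an added illustration (not code from Docling or this advisory), the parsing pattern the advisory describes sits beside a hardened form written against Python's standard library: a pre-scan refuses any DOCTYPE or entity declaration before a single reference can be expanded. The METS snippets are constructed samples, and the size cap is an assumed value.

```python
import xml.etree.ElementTree as ET
from xml.parsers import expat


class UnsafeXMLError(ValueError):
    """Raised when an untrusted document carries a DTD or entity declaration."""


def _reject_doctype(name, sysid, pubid, has_internal_subset):
    raise UnsafeXMLError(f"DOCTYPE '{name}' is not allowed in an archive member")


def _reject_entity(name, is_param, value, base, sysid, pubid, notation):
    raise UnsafeXMLError(f"entity declaration '{name}' is not allowed")


def parse_unsafely(data: bytes) -> ET.Element:
    """The pattern the advisory describes: parse the member as-is, so any
    entity declared in an internal DTD is expanded on the author's terms."""
    return ET.fromstring(data)


def parse_untrusted_xml(data: bytes, max_bytes: int = 16 * 1024 * 1024) -> ET.Element:
    """Hardened form: refuse any DTD before a single entity can be expanded.
    The pre-scan runs the same expat engine ElementTree uses but aborts at the
    first DOCTYPE or ENTITY declaration; METS carries its schema through
    namespaces and needs no DTD.  With lxml the equivalent is
    etree.XMLParser(resolve_entities=False) plus this same DOCTYPE check."""
    if len(data) > max_bytes:  # assumed cap on a single archive member
        raise UnsafeXMLError(f"document exceeds {max_bytes} bytes")
    scanner = expat.ParserCreate()
    scanner.StartDoctypeDeclHandler = _reject_doctype
    scanner.EntityDeclHandler = _reject_entity
    scanner.Parse(data, True)  # raises UnsafeXMLError on a DTD
    return ET.fromstring(data)


# Constructed samples (not taken from Docling or the advisory).
BENIGN_METS = b'<mets xmlns="http://www.loc.gov/METS/"><metsHdr/></mets>'
# One internal entity referenced once: shows the path the unsafe call takes.
ENTITY_METS = b'<!DOCTYPE mets [<!ENTITY a "x">]><mets>&a;</mets>'


def is_rejected(data: bytes) -> bool:
    """True when the hardened parser refuses the document."""
    try:
        parse_untrusted_xml(data)
    except UnsafeXMLError:
        return True
    return False
```

The unsafe call returns the expanded text for ENTITY_METS, while the hardened call rejects it and still accepts the DTD-free METS document.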
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The provided information does not specify how the XML Entity Expansion (XXE) vulnerability in Docling's METS GBS backend affects compliance with common standards and regulations such as GDPR or HIPAA.