CVE-2026-44017
Zip Slip Vulnerability in Docling Document Processing

Publication date: 2026-06-24

Last updated on: 2026-06-24

Assigner: GitHub, Inc.

Description
Docling simplifies document processing by parsing diverse formats and providing integrations with the generative AI ecosystem. Prior to 2.91.0, the EasyOCR model download functionality extracted ZIP archives without validating member paths, enabling Zip Slip attacks. If an attacker could compromise the model download source (via supply chain attack, DNS spoofing, or MITM), they could write arbitrary files to any location writable by the process, potentially achieving remote code execution by overwriting Python files or system binaries, persistent backdoors by modifying startup scripts or SSH keys, and data corruption or system compromise. This vulnerability is fixed in 2.91.0.
Meta Information
Published: 2026-06-24
Last Modified: 2026-06-24
Generated: 2026-06-25
AI Q&A: 2026-06-24
EPSS Evaluated: N/A
Affected Vendors & Products

Vendor           Product   Version / Range
docling          easyocr   up to 2.91.0 (exclusive)
docling_project  docling   up to 2.91.0 (exclusive)
CWE

CWE-22: The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
Compliance Impact

The vulnerability allows an attacker to write arbitrary files to any writable location by exploiting unsafe ZIP extraction, potentially leading to remote code execution, persistent backdoors, and data corruption. Such impacts on confidentiality, integrity, and availability of data could negatively affect compliance with standards and regulations like GDPR and HIPAA, which require protection of sensitive data and system integrity.

Because the vulnerability can lead to unauthorized data access or modification and system compromise, organizations using affected versions of Docling prior to 2.91.0 may face increased risk of non-compliance with data protection and security requirements mandated by these regulations.

Mitigation steps such as updating to version 2.91.0, verifying model downloads over secure channels, and running the application with minimal permissions help reduce these compliance risks.

Executive Summary

CVE-2026-44017 is a vulnerability in the Docling package prior to version 2.91.0, specifically in its EasyOCR model download functionality.

The issue arises because the software extracts ZIP archives without validating the paths of the files inside them, which allows for Zip Slip attacks.

If an attacker can compromise the model download source (for example, via supply chain attacks, DNS spoofing, or man-in-the-middle attacks), they can exploit this vulnerability to write arbitrary files to any location writable by the process.

This can lead to remote code execution by overwriting Python files or system binaries, persistent backdoors by modifying startup scripts or SSH keys, and data corruption or system compromise.

The vulnerability has been fixed in version 2.91.0 by implementing path validation to prevent path traversal attacks.

Impact Analysis

This vulnerability can have severe impacts if exploited.

  • Remote code execution by overwriting critical Python files or system binaries.
  • Establishment of persistent backdoors by modifying startup scripts or SSH keys.
  • Data corruption or broader system compromise.

Exploitation requires the attacker to compromise the model download source and involves user interaction, but no prior privileges are needed.

Detection Guidance

This vulnerability involves unsafe ZIP extraction in the EasyOCR model download functionality of Docling versions prior to 2.91.0, allowing Zip Slip attacks. Detection would involve checking if your system is running a vulnerable version of Docling and monitoring for suspicious file writes outside expected directories during model downloads.

Since the vulnerability exploits path traversal during ZIP extraction, you can look for unexpected files created in system directories or overwritten Python files or startup scripts.

Suggested commands to detect potential exploitation include:

  • Check the installed Docling version: `pip show docling` or check the version in your environment.
  • Search for recently modified or created files outside expected directories, for example: `find /path/to/docling -type f -mtime -7` to find files modified in the last 7 days.
  • Look for suspicious files in common writable locations or Python directories: `find /usr/lib/python*/ -name '*.py' -mtime -7` or `find ~/.ssh -type f -mtime -7`.
  • Monitor network traffic for downloads of EasyOCR models from untrusted sources or over insecure channels.
  • Use file integrity monitoring tools to detect unexpected changes in critical files.

Mitigation Strategies

To mitigate this vulnerability, immediately upgrade Docling to version 2.91.0 or later, where the issue has been fixed by implementing path validation to prevent path traversal during ZIP extraction.

Additional recommended steps include:

  • Download EasyOCR models only over secure channels (e.g., HTTPS) to prevent supply chain attacks, DNS spoofing, or man-in-the-middle attacks.
  • Verify the integrity of downloaded models using checksums or signatures.
  • Run the Docling application with the minimal necessary permissions to limit the impact of any potential exploitation.
  • Review and monitor your system for any signs of compromise, such as unexpected file modifications or new files in sensitive locations.
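The fix the advisory describes is path validation before extraction. The following is an added example written for this page, not Docling's or EasyOCR's own code: a small extractor that refuses any archive whose members would resolve outside the destination directory (absolute paths, drive letters, `..` components, or a path that escapes through a pre-existing symlink under the destination), and only then writes the members itself. The `unsafe_members` function can also be run on an already downloaded archive as a pre-extraction audit, which complements the detection guidance above. All archive contents and file names are constructed test data. Note that CPython's own `ZipFile.extractall()` strips traversal components from member names, so this explicit check matters most when an extractor writes members itself with `open()`, as this one does, or uses a third-party unzip routine.

```python
"""Zip Slip (CWE-22) defence: validate ZIP member paths before writing them.

Added example for this advisory; not Docling or EasyOCR code. All archive
contents below are constructed for demonstration.
"""
import io
import os
import shutil
import tempfile
import zipfile
from pathlib import Path
from typing import Dict, List


class UnsafeArchiveMember(ValueError):
    """Raised when a ZIP member would resolve outside the destination."""


def unsafe_members(archive: zipfile.ZipFile, dest: Path) -> List[str]:
    """Return the member names that would land outside `dest` (empty if clean)."""
    dest_real = dest.resolve()
    flagged: List[str] = []
    for info in archive.infolist():
        name = info.filename
        # Absolute paths and Windows drive letters are never acceptable.
        if name.startswith(("/", "\\")) or os.path.splitdrive(name)[0]:
            flagged.append(name)
            continue
        # Reject any '..' component, whichever separator the archive used.
        if ".." in name.replace("\\", "/").split("/"):
            flagged.append(name)
            continue
        # Final check on the resolved location: catches escapes via symlinks
        # that already exist under dest.
        target = (dest_real / name).resolve()
        if target != dest_real and dest_real not in target.parents:
            flagged.append(name)
    return flagged


def safe_extract(archive_bytes: bytes, dest: Path) -> List[str]:
    """Extract every member under `dest`, or refuse the whole archive.

    The archive is rejected before anything is written, so a single hostile
    member cannot leave partial output behind.
    """
    dest.mkdir(parents=True, exist_ok=True)
    written: List[str] = []
    with zipfile.ZipFile(io.BytesIO(archive_bytes)) as zf:
        bad = unsafe_members(zf, dest)
        if bad:
            raise UnsafeArchiveMember(f"refusing archive; escaping members: {bad}")
        for info in zf.infolist():
            target = dest / info.filename
            if info.is_dir():
                target.mkdir(parents=True, exist_ok=True)
                continue
            target.parent.mkdir(parents=True, exist_ok=True)
            with zf.open(info) as src, open(target, "wb") as dst:
                shutil.copyfileobj(src, dst)
            written.append(info.filename)
    return written


def build_archive(entries: Dict[str, bytes]) -> bytes:
    """Build an in-memory ZIP from {member_name: content} (constructed test data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in entries.items():
            zf.writestr(name, content)
    return buf.getvalue()


def demo() -> dict:
    """Run a clean and a hostile archive through the extractor in a throwaway dir."""
    results: dict = {}
    with tempfile.TemporaryDirectory() as tmp:
        dest = Path(tmp) / "models"
        # Constructed benign archive: two ordinary members.
        clean = build_archive({"weights.bin": b"weights", "model/info.txt": b"ok"})
        results["clean_extracted"] = sorted(safe_extract(clean, dest))
        results["clean_files_exist"] = all(
            (dest / n).is_file() for n in results["clean_extracted"]
        )
        # Constructed hostile archive: one member climbs out of dest, one is absolute.
        hostile = build_archive(
            {"model/info.txt": b"ok", "../escape.txt": b"x", "/abs.txt": b"y"}
        )
        with zipfile.ZipFile(io.BytesIO(hostile)) as zf:
            results["flagged"] = sorted(unsafe_members(zf, dest))
        try:
            safe_extract(hostile, dest)
            results["hostile_rejected"] = False
        except UnsafeArchiveMember:
            results["hostile_rejected"] = True
        # Nothing from the hostile archive may have reached the parent directory.
        results["escape_written"] = (Path(tmp) / "escape.txt").exists()
    return results


if __name__ == "__main__":
    print(demo())
```

Running the module prints the `demo()` results: the benign archive extracts normally, the hostile one is reported with both offending member names and rejected before any file is written. The same `unsafe_members` check can be pointed at a model archive fetched from a mirror to confirm it is clean before it is unpacked.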