CVE-2026-44018
Status: Received - Intake
Path Traversal in Docling Document Processing Library

Publication date: 2026-06-26

Last updated on: 2026-06-26

Assigner: GitHub, Inc.

Description
Docling simplifies document processing by parsing diverse formats and providing integrations with the generative AI ecosystem. From 2.45.0 until 2.91.0, the METS-GBS backend's XML parsing and the input document format detection lacked security controls. An attacker could craft malicious METS-GBS archives that, when processed, could read sensitive files, exhaust system resources, or cause application crashes. This vulnerability is fixed in 2.91.0.
CVSS Score: none listed
EPSS Score: not evaluated
Generated: 2026-06-26
Affected Vendors & Products

Vendor            Product   Version / Range
docling_project   docling   >= 2.45.0 (inclusive), < 2.91.0 (exclusive)
docling_project   docling   2.91.0 (listed as a CPE here; the description names this release as the fix)
CWE

CWE ID    Name                                                        Description
CWE-611   Improper Restriction of XML External Entity Reference       The product processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.
CWE-776   Improper Restriction of Recursive Entity References in DTDs The product uses XML documents and allows their structure to be defined with a Document Type Definition (DTD), but it does not properly control the number of recursive definitions of entities.
CWE-409   Improper Handling of Highly Compressed Data                 The product does not handle or incorrectly handles a compressed input with a very high compression ratio that produces a large output.
Executive Summary

CVE-2026-44018 affects the METS-GBS backend of the Docling library in versions from 2.45.0 up to but not including 2.91.0. Both the backend's XML parsing and the input document format detection lacked security controls: the METS XML was parsed without restrictions on DTDs and entities, and archive handling did not bound how much data an input could expand to.

An attacker who can get a crafted METS-GBS archive processed can declare external entities in the embedded XML (XXE, CWE-611) to read local files or fetch URLs, use recursive entity expansion (CWE-776) to exhaust memory, or pack the archive as a decompression bomb (CWE-409) so that extraction fills memory or disk and crashes the application.

The fix in 2.91.0 introduced secure XML parsing with entity resolution, DTD loading and network access disabled, together with configurable limits on extraction size, per-file size and member count, with cumulative size tracked across the archive.

Impact Analysis

This vulnerability can impact you by allowing an attacker to read sensitive files on your system if you process malicious METS-GBS archives.

It can also cause denial of service by exhausting system resources such as memory and disk space, potentially crashing the application or making it unavailable.

In CVSS terms the attack vector is local, complexity is low, no privileges are needed and user interaction is required: the attacker needs no account on the host, but someone or something on that host must feed the crafted archive to a vulnerable Docling version. A service that ingests user-supplied documents meets that condition by design, so treat such deployments as exposed.

Detection Guidance

This vulnerability affects the METS-GBS backend in Docling versions from 2.45.0 up to but not including 2.91.0, involving unsafe XML parsing and archive extraction.

Detection has two parts: confirming whether a vulnerable Docling version is installed, and inspecting METS-GBS archives for the inputs that trigger XXE or entity expansion in the XML parser or a decompression bomb during extraction.

Because exploitation requires a crafted archive to reach a vulnerable version, start with the installed version; any 2.45.0 <= version < 2.91.0 is affected:

  • docling --version
  • pip show docling
  • python -c "import importlib.metadata as m; print(m.version('docling'))"

For deployments that process METS-GBS input, watch application and system logs for crashes, out-of-memory kills or disk-full errors that coincide with METS-GBS archive processing; these are the expected symptoms of the CWE-776 and CWE-409 variants.

Since the vulnerability involves XML parsing, scanning the XML members of incoming METS-GBS archives for DTD constructs ("<!DOCTYPE" or "<!ENTITY") is a cheap indicator. METS is defined by an XML Schema, so a DTD in a METS file is itself anomalous, and because the declaration must appear before the root element only the head of each file needs to be read.
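The scanner below is an added example of that triage, not code from the Docling project or this advisory. It opens an archive, flags XML members whose leading bytes contain a DOCTYPE or ENTITY declaration, and also flags the decompression-bomb indicators the CWE-409 entry describes (oversized declared members, extreme compression ratios, excessive member counts, and unsafe member paths). The ZIP container, the thresholds and the sample METS fragments are assumptions constructed for the demo; the same checks transfer to tar-based archives.

```python
"""Pre-processing triage for METS-GBS style archives (added example, not
Docling's code). Assumes a ZIP container; thresholds are illustrative."""
import io
import zipfile

# XML keywords are case-sensitive, so an exact byte match is sufficient.
DTD_MARKERS = (b"<!DOCTYPE", b"<!ENTITY")

# Thresholds are assumptions for the demo, not values taken from Docling.
MAX_MEMBERS = 10_000
MAX_DECLARED_BYTES = 256 * 1024 * 1024   # per member, from the ZIP header
RATIO_LIMIT = 100                         # uncompressed / compressed
RATIO_MIN_BYTES = 1024 * 1024             # ignore tiny, low-entropy files
XML_HEAD_BYTES = 64 * 1024                # a DOCTYPE must precede the root element


def unsafe_path(name: str) -> bool:
    """Absolute member names or '..' path components."""
    parts = name.replace("\\", "/").split("/")
    return name.startswith(("/", "\\")) or ".." in parts


def scan_archive(data: bytes) -> list[str]:
    """Return human-readable findings; an empty list means nothing suspicious.
    Only header metadata and a bounded prefix of each XML member are read, so
    a lying header cannot make the scanner itself exhaust memory."""
    findings = []
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return ["not a valid ZIP archive"]
    infos = zf.infolist()
    if len(infos) > MAX_MEMBERS:
        findings.append(f"member count {len(infos)} exceeds {MAX_MEMBERS}")
    for info in infos:
        name = info.filename
        if unsafe_path(name):
            findings.append(f"{name}: unsafe member path")
        if info.file_size > MAX_DECLARED_BYTES:
            findings.append(f"{name}: declared size {info.file_size} exceeds limit")
        if info.file_size >= RATIO_MIN_BYTES and info.compress_size:
            ratio = info.file_size / info.compress_size
            if ratio > RATIO_LIMIT:
                findings.append(f"{name}: compression ratio {ratio:.0f}:1 suggests a decompression bomb")
        if name.lower().endswith(".xml"):
            with zf.open(info) as fh:
                head = fh.read(XML_HEAD_BYTES)   # bounded regardless of declared size
            for marker in DTD_MARKERS:
                if marker in head:
                    findings.append(f"{name}: contains {marker.decode()} declaration")
    return findings


def build_archive(members: dict[str, bytes]) -> bytes:
    """Constructed sample input for the demo; not a real METS-GBS export."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, payload in members.items():
            zf.writestr(name, payload)
    return buf.getvalue()


# Constructed METS fragments (assumptions, not taken from a real export).
BENIGN_XML = b"""<?xml version="1.0" encoding="UTF-8"?>
<mets xmlns="http://www.loc.gov/METS/" xmlns:xlink="http://www.w3.org/1999/xlink">
<fileSec><fileGrp USE="ocr"><file ID="f1"><FLocat LOCTYPE="URL" xlink:href="00000001.txt"/></file>
</fileGrp></fileSec></mets>"""

XXE_XML = b"""<?xml version="1.0"?>
<!DOCTYPE mets [<!ENTITY secret SYSTEM "file:///etc/passwd">]>
<mets xmlns="http://www.loc.gov/METS/"><metsHdr RECORDSTATUS="&secret;"/></mets>"""


def benign_sample() -> bytes:
    return build_archive({"mets.xml": BENIGN_XML, "00000001.txt": b"page one text\n"})


def hostile_sample() -> bytes:
    # XXE payload plus a 4 MiB member of zeros that deflates roughly 1000:1.
    return build_archive({"mets.xml": XXE_XML, "00000001.txt": b"\0" * (4 * 1024 * 1024)})


if __name__ == "__main__":
    for label, sample in (("benign", benign_sample()), ("hostile", hostile_sample())):
        print(label, scan_archive(sample) or ["clean"])
```

The ratio check deliberately skips members under 1 MiB, because a small, low-entropy file (a page of whitespace, say) compresses extremely well without being an attack; a marker match inside an XML comment is a possible false positive, which is acceptable for triage that only decides whether a file deserves a closer look before Docling sees it.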

Mitigation Strategies

The primary mitigation is to upgrade Docling to version 2.91.0 or later, where the vulnerability is fixed.

Version 2.91.0 introduces secure XML parsing by disabling entity resolution, DTD loading and network access, and enforces configurable limits on archive extraction size, per-file size and member count, with cumulative size tracked across the archive.

If upgrading immediately is not possible, do not process METS-GBS archives from untrusted sources; if the format is not needed at all, reject METS-GBS input before it reaches Docling rather than relying on the library's own format detection.

Alternatively, pre-validate METS-GBS archives in an isolated environment: run the check in a sandbox or container with a memory limit, a disk quota and a CPU time limit so a decompression bomb or entity expansion fails safely, deny the sandbox network egress so an external entity cannot fetch remote resources or exfiltrate a file, and reject any archive whose XML members contain a DTD.
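The following is an added example of that pre-validation step, written here for illustration; it is not Docling's implementation of the fix. It applies the two controls the fix is described as adding: XML parsing that refuses any DOCTYPE, entity declaration or external entity reference (closing CWE-611 and CWE-776), and extraction bounded by member count, per-member size and cumulative size measured on the bytes actually produced rather than on the size the ZIP header claims (CWE-409). The ZIP container, the limit values, the function names and the sample documents are all assumptions for the demo.

```python
"""Hardened handling of an untrusted archive-plus-XML input (added example,
not Docling's code). ZIP container and all limits are assumptions."""
import io
import zipfile
import xml.parsers.expat as expat

# Illustrative limits (assumptions, not Docling's defaults).
MAX_MEMBERS = 10_000
MAX_MEMBER_BYTES = 16 * 1024 * 1024
MAX_TOTAL_BYTES = 128 * 1024 * 1024
CHUNK = 64 * 1024


class UnsafeInput(Exception):
    """Raised when the input violates a policy limit or uses a DTD."""


def parse_xml_strict(data: bytes) -> list[str]:
    """Parse with expat but refuse any DTD. Expat does not fetch external
    entities on its own, but it would still expand internal entities
    (CWE-776); rejecting the DOCTYPE up front closes both paths.
    Returns element names in document order."""
    names = []
    p = expat.ParserCreate()

    def reject_doctype(name, sysid, pubid, has_internal_subset):
        raise UnsafeInput("DOCTYPE declaration rejected")

    def reject_entity(*decl):
        raise UnsafeInput("entity declaration rejected")

    def reject_external(context, base, sysid, pubid):
        raise UnsafeInput("external entity reference rejected")

    # Exceptions raised inside expat handlers propagate out of Parse().
    p.StartDoctypeDeclHandler = reject_doctype
    p.EntityDeclHandler = reject_entity
    p.ExternalEntityRefHandler = reject_external
    p.StartElementHandler = lambda name, attrs: names.append(name)
    try:
        p.Parse(data, True)
    except expat.ExpatError as exc:
        raise UnsafeInput(f"malformed XML: {exc}") from exc
    return names


def read_member_bounded(zf: zipfile.ZipFile, info: zipfile.ZipInfo, budget: int) -> bytes:
    """Stream-decompress one member, stopping as soon as the output exceeds
    the per-member limit or the remaining cumulative budget. The header's
    declared size is deliberately not trusted."""
    out = io.BytesIO()
    produced = 0
    with zf.open(info) as fh:
        while chunk := fh.read(CHUNK):
            produced += len(chunk)
            if produced > MAX_MEMBER_BYTES:
                raise UnsafeInput(f"{info.filename}: exceeds per-member limit")
            if produced > budget:
                raise UnsafeInput(f"{info.filename}: exceeds cumulative extraction limit")
            out.write(chunk)
    return out.getvalue()


def extract_bounded(data: bytes) -> dict[str, bytes]:
    """Extract every regular member into memory under the limits above and
    reject absolute or parent-relative member names."""
    zf = zipfile.ZipFile(io.BytesIO(data))
    infos = zf.infolist()
    if len(infos) > MAX_MEMBERS:
        raise UnsafeInput(f"member count {len(infos)} exceeds {MAX_MEMBERS}")
    remaining = MAX_TOTAL_BYTES
    members = {}
    for info in infos:
        if info.is_dir():
            continue
        parts = info.filename.replace("\\", "/").split("/")
        if info.filename.startswith(("/", "\\")) or ".." in parts:
            raise UnsafeInput(f"{info.filename}: unsafe member path")
        payload = read_member_bounded(zf, info, remaining)
        remaining -= len(payload)
        members[info.filename] = payload
    return members


def check_archive(data: bytes) -> tuple[str, str]:
    """Bounded extraction followed by strict parsing of every .xml member.
    Returns ("accepted", summary) or ("rejected", reason)."""
    try:
        members = extract_bounded(data)
        elements = sum(len(parse_xml_strict(p)) for n, p in members.items()
                       if n.lower().endswith(".xml"))
    except (UnsafeInput, zipfile.BadZipFile) as exc:
        return ("rejected", str(exc))
    return ("accepted", f"{len(members)} members, {elements} XML elements")


def build_archive(members: dict[str, bytes]) -> bytes:
    """Constructed sample input for the demo; not a real METS-GBS export."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, payload in members.items():
            zf.writestr(name, payload)
    return buf.getvalue()


# Constructed METS fragments (assumptions, not taken from a real export).
SAFE_XML = b'<?xml version="1.0"?><mets xmlns="http://www.loc.gov/METS/"><metsHdr/></mets>'
XXE_XML = (b'<?xml version="1.0"?><!DOCTYPE mets [<!ENTITY x SYSTEM "file:///etc/passwd">]>'
           b'<mets xmlns="http://www.loc.gov/METS/"><metsHdr ID="&x;"/></mets>')


if __name__ == "__main__":
    print(check_archive(build_archive({"mets.xml": SAFE_XML, "0001.txt": b"text\n"})))
    print(check_archive(build_archive({"mets.xml": XXE_XML})))
    print(check_archive(build_archive({"mets.xml": SAFE_XML, "bomb.bin": b"\0" * (MAX_MEMBER_BYTES + 1)})))
    print(check_archive(build_archive({"../escape.txt": b"x"})))
```

Running this as a gate in front of Docling (ideally inside the resource-limited sandbox described above) means a DOCTYPE is refused before any entity is expanded, and a bomb is cut off at the limit instead of at the end of the disk; the order matters, extraction first and parsing second, so that a parser never sees a member that already violated the size policy.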
