Executive Summary

CVE-2026-44022 is a moderate severity vulnerability in the Docling library versions from 2.73.0 up to but not including 2.91.0. It arises because the LaTeX backend does not properly validate paths used in the \includegraphics, \input, and \include commands.

This lack of validation allows attackers to craft malicious LaTeX documents containing path traversal sequences (such as ../../../) that can read arbitrary files from the file system accessible to the process.

As a result, attackers could include sensitive files in the converted document output or potentially access configuration files, credentials, or other sensitive data.

The vulnerability is fixed in version 2.91.0 by adding strict path validation to prevent traversal outside the base document directory.

Useful 0 Not Useful 0

Impact Analysis

This vulnerability can impact you by allowing an attacker to read arbitrary files on the system where Docling processes LaTeX documents.

An attacker could include sensitive or confidential files in the output document, potentially exposing configuration files, credentials, or other private data.

The attack requires local access and user interaction but does not require privileges, making it a risk especially if untrusted LaTeX documents are processed.

To mitigate the risk, users should avoid processing untrusted LaTeX documents or use sandboxed environments.

Useful 0 Not Useful 0

Detection Guidance

This vulnerability involves path traversal through malicious LaTeX documents processed by Docling versions from 2.73.0 up to but not including 2.91.0. Detection involves identifying if such vulnerable versions of Docling are in use and if untrusted LaTeX documents containing \includegraphics, \input, or \include commands with path traversal sequences are being processed.

There are no specific commands provided in the available resources to detect exploitation attempts or vulnerable usage on your system or network.

General detection approaches could include:

• Checking the installed Docling version to confirm if it is between 2.73.0 and 2.91.0.
• Monitoring logs or document inputs for LaTeX files containing suspicious path traversal patterns such as "../../../" in \includegraphics, \input, or \include commands.
• Using file integrity monitoring to detect unexpected file reads or inclusions triggered by Docling.

Useful 0 Not Useful 0

Mitigation Strategies

To mitigate this vulnerability immediately, users should upgrade Docling to version 2.91.0 or later, where the issue is fixed by adding strict path validation.

Additional recommended steps include:

• Avoid processing untrusted or unauthenticated LaTeX documents that could contain malicious path traversal sequences.
• Use sandboxed or isolated environments when processing LaTeX documents to limit potential damage from exploitation.

Useful 0 Not Useful 0

Compliance Impact

This vulnerability allows attackers to read arbitrary files, including sensitive configuration files and credentials, by exploiting path traversal in LaTeX document processing. Exposure of such sensitive data could lead to non-compliance with data protection standards and regulations like GDPR and HIPAA, which require safeguarding personal and sensitive information.

Organizations using affected versions of Docling (>=2.73.0, <2.91.0) without proper mitigation may risk unauthorized disclosure of sensitive data, potentially violating confidentiality requirements mandated by these regulations.

To maintain compliance, users are advised to upgrade to version 2.91.0 where the vulnerability is fixed, avoid processing untrusted LaTeX documents, or use sandboxed environments to limit exposure.

Useful 0 Not Useful 0