CVE-2026-47214
Received Received - Intake
HTML URI Path Handling Vulnerability in Docling

Publication date: 2026-06-26

Last updated on: 2026-06-26

Assigner: GitHub, Inc.

Description
Docling simplifies document processing by parsing diverse formats and providing integrations with the generative AI ecosystem. Prior to 2.94.0, the HTML backend has unsafe URI and path handling. This vulnerability is fixed in 2.94.0.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-06-26
Last Modified
2026-06-26
Generated
2026-06-26
AI Q&A
2026-06-26
EPSS Evaluated
N/A
NVD
CVE-2026-47214
EUVD
EUVD-2026-39791
Affected Vendors & Products
Showing 3 associated CPEs
Vendor Product Version / Range
docling_project docling to 2.94.0 (exc)
docling_project docling 2.91.0
docling_project docling 2.94.0
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-73 The product allows user input to control or influence paths or file names that are used in filesystem operations.
CWE-400 The product does not properly control the allocation and maintenance of a limited resource.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

The CVE-2026-47214 vulnerability affects the Docling library versions prior to 2.94.0, specifically in its HTML backend. The issue involves unsafe handling of URIs and file paths, which can lead to security risks such as unauthorized access to local files, path traversal attacks, and unintended access to network resources.

This vulnerability occurs when the options `enable_local_fetch` or `enable_remote_fetch` are enabled, as the backend does not properly validate the resources it processes. Attackers can exploit this by using `file://` URIs to access local files, path traversal sequences like `../` to escape intended directories, or by accessing internal network resources.

Additionally, the lack of validation for HTTP redirects and resource limits can lead to uncontrolled resource consumption, such as excessive downloads or processing of data URIs.

Impact Analysis

This vulnerability can have significant impacts including unauthorized access to sensitive local files and internal network resources, which compromises confidentiality.

It can also lead to resource exhaustion due to uncontrolled downloads or processing, potentially causing denial of service or degraded performance.

The vulnerability does not require user interaction to be exploited, increasing the risk of automated or remote attacks.

Detection Guidance

This vulnerability involves unsafe handling of URIs and file paths in the Docling HTML backend when the options `enable_local_fetch` or `enable_remote_fetch` are enabled. Detection can focus on identifying whether these options are enabled and monitoring for suspicious URI patterns such as `file://` URIs or path traversal sequences like `../` in processed documents.

You can check your Docling configuration or code to see if `enable_local_fetch` or `enable_remote_fetch` are set to true. Additionally, monitoring logs or network traffic for unusual access to local files or internal network resources triggered by these options may help detect exploitation attempts.

Specific commands depend on your environment, but examples include:

  • Review configuration files or code for `enable_local_fetch` and `enable_remote_fetch` settings.
  • Use network monitoring tools (e.g., tcpdump, Wireshark) to detect unexpected outbound requests or file access patterns.
  • Search logs for URI patterns like `file://` or path traversal sequences (`../`). For example, using grep: `grep -r "file://" /path/to/logs` or `grep -r "\.\./" /path/to/logs`.
Mitigation Strategies

The primary immediate mitigation is to ensure that both `enable_local_fetch` and `enable_remote_fetch` options are disabled when processing untrusted HTML documents.

Additionally, upgrading Docling to version 2.94.0 or later, where this vulnerability is fixed, is strongly recommended.

By disabling these options and applying the update, you prevent exploitation paths such as local file access, path traversal, and unintended network resource access.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-47214. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart