Back to CVE List

CVE-2026-44019

HIGH SEVERITY

CVSS Score & Metrics

Base Score
8.1 / 10
Vector String
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H

Vulnerability Description

Docling Core defines core data types and transformations for the document processing application Docling. In versions 2.5.0 and above, prior to 2.74.1, docling-core could allow local file:// image references and accepted inline data: content without a decoded-size limit. In applications that accept untrusted image references, this may allow access to local files readable by the process or excessive memory use from large inline payloads. This issue has been fixed in version 2.74.1.

Vulnerability Details

Published Date
Last Modified
CWE ID
CWE-73
Source
GitHub
Vendor
pip
Product
docling-core

External References

Discussion (0)

Add Comment

No comments yet. Be the first!