CVE-2026-44017

Docling simplifies document processing by parsing diverse formats and providing integrations with the generative AI ecosystem. Prior to 2.91.0, the EasyOCR model download functionality extracted ZIP archives without validating member paths, enabling Zip Slip attacks. If an attacker could compromise the model download source (via supply chain attack, DNS spoofing, or MITM), they could write arbitrary files to any location writable by the process, potentially achieving remote code execution by overwriting Python files or system binaries, persistent backdoors by modifying startup scripts or SSH keys, and data corruption or system compromise. This vulnerability is fixed in 2.91.0.

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.6 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://github.com/docling-project/docling/releases/tag/v2.91.0	Product Release Notes
https://github.com/docling-project/docling/security/advisories/GHSA-cjqg-rq2h-2fvj	Mitigation Patch Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:docling:docling:*:*:*:*:*:python:*:*

History

26 Jun 2026, 19:58

Type	Values Removed	Values Added
References	~~() https://github.com/docling-project/docling/releases/tag/v2.91.0 -~~	() https://github.com/docling-project/docling/releases/tag/v2.91.0 - Product, Release Notes
References	~~() https://github.com/docling-project/docling/security/advisories/GHSA-cjqg-rq2h-2fvj -~~	() https://github.com/docling-project/docling/security/advisories/GHSA-cjqg-rq2h-2fvj - Mitigation, Patch, Vendor Advisory
First Time		Docling Docling docling
CPE		cpe:2.3:a:docling:docling::::::python::*

24 Jun 2026, 18:17

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-06-24 18:17

Updated : 2026-06-26 19:58

NVD link : CVE-2026-44017

Mitre link : CVE-2026-44017

CVE.ORG link : CVE-2026-44017

JSON object : View

Products Affected

docling

docling

CWE

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

{"id": "CVE-2026-44017", "cveTags": [], "metrics": {"ssvcV203": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "ssvcData": {"id": "CVE-2026-44017", "role": "CISA Coordinator", "options": [{"exploitation": "none"}, {"automatable": "no"}, {"technicalImpact": "total"}], "version": "2.0.3", "timestamp": "2026-06-25T19:56:36.319500Z"}}], "cvssMetricV31": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.6}]}, "affected": [{"source": "security-advisories@github.com", "affectedData": [{"vendor": "docling-project", "product": "docling", "versions": [{"status": "affected", "version": "< 2.91.0"}]}]}], "published": "2026-06-24T18:17:17.337", "references": [{"url": "https://github.com/docling-project/docling/releases/tag/v2.91.0", "tags": ["Product", "Release Notes"], "source": "security-advisories@github.com"}, {"url": "https://github.com/docling-project/docling/security/advisories/GHSA-cjqg-rq2h-2fvj", "tags": ["Mitigation", "Patch", "Vendor Advisory"], "source": "security-advisories@github.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-22"}]}], "descriptions": [{"lang": "en", "value": "Docling simplifies document processing by parsing diverse formats and providing integrations with the generative AI ecosystem. Prior to 2.91.0, the EasyOCR model download functionality extracted ZIP archives without validating member paths, enabling Zip Slip attacks. If an attacker could compromise the model download source (via supply chain attack, DNS spoofing, or MITM), they could write arbitrary files to any location writable by the process, potentially achieving remote code execution by overwriting Python files or system binaries, persistent backdoors by modifying startup scripts or SSH keys, and data corruption or system compromise. This vulnerability is fixed in 2.91.0."}], "lastModified": "2026-06-26T19:58:41.237", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:docling:docling:*:*:*:*:*:python:*:*", "vulnerable": true, "matchCriteriaId": "E1D51CB2-AC97-4385-9B51-0CEB21E0F697", "versionEndExcluding": "2.91.0"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}