CVE-2026-44022

Docling simplifies document processing by parsing diverse formats and providing integrations with the generative AI ecosystem. From 2.73.0 until 2.91.0, he LaTeX backend's handling of \includegraphics, \input, and \include commands lacked path containment validation. Attackers could craft malicious LaTeX documents with path traversal sequences to read arbitrary files from the file system accessible to the process, include sensitive files in the converted document output, or potentially access configuration files, credentials, or other sensitive data This vulnerability is fixed in 2.91.0.

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://github.com/docling-project/docling/releases/tag/v2.91.0	Product Release Notes
https://github.com/docling-project/docling/security/advisories/GHSA-2j5p-7p5m-cvqr	Mitigation Patch Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:docling:docling:*:*:*:*:*:python:*:*

History

26 Jun 2026, 19:58

Type	Values Removed	Values Added
First Time		Docling Docling docling
References	~~() https://github.com/docling-project/docling/releases/tag/v2.91.0 -~~	() https://github.com/docling-project/docling/releases/tag/v2.91.0 - Product, Release Notes
References	~~() https://github.com/docling-project/docling/security/advisories/GHSA-2j5p-7p5m-cvqr -~~	() https://github.com/docling-project/docling/security/advisories/GHSA-2j5p-7p5m-cvqr - Mitigation, Patch, Vendor Advisory
CPE		cpe:2.3:a:docling:docling::::::python::*

24 Jun 2026, 18:17

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-06-24 18:17

Updated : 2026-06-26 19:58

NVD link : CVE-2026-44022

Mitre link : CVE-2026-44022

CVE.ORG link : CVE-2026-44022

JSON object : View

Products Affected

docling

docling

CWE

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

{"id": "CVE-2026-44022", "cveTags": [], "metrics": {"ssvcV203": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "ssvcData": {"id": "CVE-2026-44022", "role": "CISA Coordinator", "options": [{"exploitation": "none"}, {"automatable": "no"}, {"technicalImpact": "partial"}], "version": "2.0.3", "timestamp": "2026-06-25T13:17:46.252428Z"}}], "cvssMetricV31": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "affected": [{"source": "security-advisories@github.com", "affectedData": [{"vendor": "docling-project", "product": "docling", "versions": [{"status": "affected", "version": ">= 2.73.0, < 2.91.0"}]}]}], "published": "2026-06-24T18:17:17.593", "references": [{"url": "https://github.com/docling-project/docling/releases/tag/v2.91.0", "tags": ["Product", "Release Notes"], "source": "security-advisories@github.com"}, {"url": "https://github.com/docling-project/docling/security/advisories/GHSA-2j5p-7p5m-cvqr", "tags": ["Mitigation", "Patch", "Vendor Advisory"], "source": "security-advisories@github.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-22"}]}], "descriptions": [{"lang": "en", "value": "Docling simplifies document processing by parsing diverse formats and providing integrations with the generative AI ecosystem. From 2.73.0 until 2.91.0, he LaTeX backend's handling of \\includegraphics, \\input, and \\include commands lacked path containment validation. Attackers could craft malicious LaTeX documents with path traversal sequences to read arbitrary files from the file system accessible to the process, include sensitive files in the converted document output, or potentially access configuration files, credentials, or other sensitive data This vulnerability is fixed in 2.91.0."}], "lastModified": "2026-06-26T19:58:04.523", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:docling:docling:*:*:*:*:*:python:*:*", "vulnerable": true, "matchCriteriaId": "DDA643FB-5BC0-4CE7-95D9-3F010EA3D49F", "versionEndExcluding": "2.91.0", "versionStartIncluding": "2.73.0"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}