๐Ÿ” CVE Alert

CVE-2026-44023

HIGH 8.6

Docling Core has unsafe remote filename resolution

CVSS Score
8.6
EPSS Score
0.0%
EPSS Percentile
0th

Docling Core defines core data types and transformations for the document processing application Docling. In versions 1.5.0 and above, prior to 2.74.1, docling-core did not sufficiently restrict remote request destinations and could resolve a server-provided Content-Disposition to a local path in an unsafe manner. In applications that accept untrusted URLs, this could allow SSRF attacks targeting local files outside the user-defined cache directory. This issue has been fixed in version 2.74.1.

CWE CWE-22 CWE-918
Vendor docling-project
Product docling-core
Published Jul 16, 2026
Stay Ahead of the Next One

Get instant alerts for docling-project docling-core

Be the first to know when new high vulnerabilities affecting docling-project docling-core are published โ€” delivered to Slack, Telegram or Discord.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
Low
Availability
Low

Affected Versions

docling-project / docling-core
>= 1.5.0, < 2.74.1

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
github.com: https://github.com/docling-project/docling-core/security/advisories/GHSA-jmmv-h3mp-59v8 github.com: https://github.com/docling-project/docling-core/releases/tag/v2.74.1