← back
CVE-2026-47214

Docling: Unsafe URI and Path Handling in HTML Backend

CVSS 7.1 HIGHEPSS 0.2%CWE-400CWE-73
Vexday Risk Score
21Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 7.1EPSS 0.2%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
26 Jun 2026Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
Docling simplifies document processing by parsing diverse formats and providing integrations with the generative AI ecosystem. Prior to 2.94.0, the HTML backend has unsafe URI and path handling. This vulnerability is fixed in 2.94.0.
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L
Affected products
docling-project · docling

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://github.com/docling-project/docling/releases/tag/v2.94.0https://github.com/docling-project/docling/security/advisories/GHSA-q29v-xc37-wh5m