Docling: Unsafe URI and Path Handling in HTML Backend

7.1 / 10

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L

Description

Docling simplifies document processing by parsing diverse formats and providing integrations with the generative AI ecosystem. Prior to 2.94.0, the HTML backend has unsafe URI and path handling. This vulnerability is fixed in 2.94.0.

Basic Information

ID CVE-2026-47214

Source GitHub_M

Published Jun 26, 2026 at 15:45

Affected Product

Vendor docling-project

Product docling

Version < 2.94.0

Affected Versions docling-project docling < 2.94.0

CWE Classification

CWE-73 CWE-400

References

{
    "lastseen": "",
    "description": "Docling simplifies document processing by parsing diverse formats and providing integrations with the generative AI ecosystem. Prior to 2.94.0, the HTML backend has unsafe URI and path handling. This vulnerability is fixed in 2.94.0.",
    "published": "2026-06-26T15:45:04.659Z",
    "modified": "2026-06-26T15:45:04.659Z",
    "type": "cve",
    "title": "Docling: Unsafe URI and Path Handling in HTML Backend",
    "source": "GitHub_M",
    "references": "https://github.com/docling-project/docling/security/advisories/GHSA-q29v-xc37-wh5m\nhttps://github.com/docling-project/docling/releases/tag/v2.94.0",
    "id": "CVE-2026-47214",
    "bulletinFamily": "",
    "cwe": [
        "CWE-73",
        "CWE-400"
    ],
    "cvelist": null,
    "sourceData": "docling-project docling < 2.94.0",
    "sourceHref": "",
    "cvss": {
        "score": 7.1,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "docling",
    "version": "< 2.94.0",
    "vendor": "docling-project",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Docling: Unsafe URI and Path Handling in HTML Backend_CVE-2026-47214