{"data":{"id":"af135b3a-ffb7-4dbf-90eb-8d990eb04dc9","title":"CVE-2026-44022: Docling simplifies document processing by parsing diverse formats and providing integrations with the generative AI ecos","summary":"Docling is a tool that converts documents in different formats and connects them with AI systems. Between versions 2.73.0 and 2.91.0, it had a security flaw in how it processed LaTeX files (a document formatting language), where attackers could use path traversal (a technique to access files outside intended directories) to read sensitive files like credentials or configuration data from a system.","solution":"This vulnerability is fixed in version 2.91.0.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2026-44022","publishedAt":"2026-06-24T18:17:17.593Z","cveId":"CVE-2026-44022","cweIds":["CWE-22"],"cvssScore":"5.5","cvssSeverity":"medium","severity":"medium","attackType":["data_extraction"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["Docling"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N","attackVector":"local","attackComplexity":"low","privilegesRequired":"none","userInteraction":"required","exploitMaturity":"unknown","epssScore":0,"patchAvailable":null,"disclosureDate":"2026-06-24T18:17:17.593Z","capecIds":["CAPEC-126"],"crossRefCount":0,"attackSophistication":"moderate","impactType":["confidentiality","integrity"],"aiComponentTargeted":"framework","llmSpecific":false,"classifierConfidence":0.85,"researchCategory":null,"atlasIds":null}}