{"data":{"id":"f4cce2b5-f08d-4be4-9da7-103f5bb8fc1f","title":"CVE-2026-44016: Docling simplifies document processing by parsing diverse formats and providing integrations with the generative AI ecosystem","summary":"Docling is a tool that processes different document formats and connects them to AI systems. In versions 2.82.0 through 2.90.0, when HTML rendering is enabled, an attacker can craft a malicious HTML document that runs unauthorized JavaScript code or reaches internal network services, potentially leading to SSRF (server-side request forgery, where the server makes unintended requests to internal systems), data theft, or RCE (remote code execution, where attackers run commands on a system they don't own).","solution":"Upgrade to version 2.91.0, where the vulnerability is fixed.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2026-44016","publishedAt":"2026-06-24T18:17:16.353Z","cveId":"CVE-2026-44016","cweIds":["CWE-94","CWE-918"],"cvssScore":"8.2","cvssSeverity":"high","severity":"high","attackType":["supply_chain"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":["HuggingFace"],"affectedVendorsRaw":["Docling"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:L","attackVector":"network","attackComplexity":"high","privilegesRequired":"none","userInteraction":"required","exploitMaturity":"unknown","epssScore":0,"patchAvailable":null,"disclosureDate":"2026-06-24T18:17:16.353Z","capecIds":["CAPEC-242","CAPEC-664"],"crossRefCount":0,"attackSophistication":"moderate","impactType":["confidentiality","integrity","availability"],"aiComponentTargeted":"framework","llmSpecific":false,"classifierConfidence":0.85,"researchCategory":null,"atlasIds":["AML.T0010"]}}