CVE-2026-44018: Docling simplifies document processing by parsing diverse formats and providing integrations with the generative AI ecos
Summary
Docling is a tool that processes documents in different formats and connects them with AI systems. Versions 2.45.0 through 2.91.0 had security flaws in how they parsed METS-GBS archives (a type of compressed document file), allowing attackers to craft malicious files that could steal sensitive data, use up system resources, or crash the application.
Solution / Mitigation
This vulnerability is fixed in version 2.91.0. Users should update to this version or later.
Vulnerability Details
5.5(medium)
EPSS: 0.0%
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
local
low
none
required
June 26, 2026
Classification
Affected Vendors
Related Issues
CVE-2025-45150: Insecure permissions in LangChain-ChatGLM-Webui commit ef829 allows attackers to arbitrarily view and download sensitive
CVE-2022-29200: TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implem
Original source: https://nvd.nist.gov/vuln/detail/CVE-2026-44018
First tracked: June 27, 2026 at 02:02 AM
Classified by LLM (prompt v3) · confidence: 85%