CVE-2026-44022: Docling simplifies document processing by parsing diverse formats and providing integrations with the generative AI ecos
Summary
Docling is a tool that converts documents in different formats and connects them with AI systems. In versions from 2.73.0 up to, but not including, 2.91.0 (the fixed release), its LaTeX parsing had a path traversal flaw: a crafted LaTeX document could reference paths outside the intended directory, letting an attacker read sensitive files such as credentials or configuration data from the system processing the document.
Solution / Mitigation
This vulnerability is fixed in version 2.91.0.
Vulnerability Details
CVSS score: 5.5 (medium)
EPSS: 0.0%
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Attack vector: local
Attack complexity: low
Privileges required: none
User interaction: required
June 24, 2026
Related Issues
CVE-2025-45150: Insecure permissions in LangChain-ChatGLM-Webui commit ef829 allows attackers to arbitrarily view and download sensitive
CVE-2025-54868: LibreChat is a ChatGPT clone with additional features. In versions 0.0.6 through 0.7.7-rc1, an exposed testing endpoint
Original source: https://nvd.nist.gov/vuln/detail/CVE-2026-44022
First tracked: June 25, 2026 at 08:22 AM