CVE-2026-47214: Docling simplifies document processing by parsing diverse formats and providing integrations with the generative AI ecos
highvulnerability
security
Summary
Docling is a tool that helps process documents by reading different file formats and connecting with AI systems. Before version 2.94.0, Docling's HTML backend had unsafe handling of URIs and file paths (ways of locating files on a computer), which could be exploited as a security weakness. This issue was fixed in version 2.94.0.
Solution / Mitigation
Update Docling to version 2.94.0 or later, where the vulnerability is fixed.
Vulnerability Details
CVSS Score
7.1(high)
EPSS (30-day exploit probability)
EPSS: 0.0%
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L
Attack Vector
network
Attack Complexity
low
Privileges Required
none
User Interaction
required
Disclosure Date
June 26, 2026
Classification
Attack Type
Other
Attack SophisticationModerate
Impact (CIA+S)
integrityconfidentiality
Affected Vendors
Related Issues
Monthly digest — independent AI security research
Original source: https://nvd.nist.gov/vuln/detail/CVE-2026-47214
First tracked: June 27, 2026 at 02:02 AM
Classified by LLM (prompt v3) · confidence: 85%