CVE-2026-44016: Docling simplifies document processing by parsing diverse formats and providing integrations with the generative AI ecos
Summary
Docling is a tool that processes different document formats and connects them to AI systems. In versions 2.82.0 through 2.90.0, if HTML rendering was turned on, an attacker could create malicious HTML documents that run unauthorized JavaScript code or access internal network services, potentially leading to SSRF attacks (where the server makes unintended requests to internal systems), data theft, or RCE (remote code execution, where attackers run commands on a system they don't own).
Solution / Mitigation
Upgrade to version 2.91.0, where the vulnerability is fixed.
Vulnerability Details
Severity: 8.2 (high)
EPSS: 0.0%
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:L
Attack vector: network
Attack complexity: high
Privileges required: none
User interaction: required
June 24, 2026
Original source: https://nvd.nist.gov/vuln/detail/CVE-2026-44016
First tracked: June 25, 2026 at 08:22 AM
Classified by LLM (prompt v3) · confidence: 85%