{"@context":"https://openvex.dev/ns/v0.2.0","@id":"https://database.harborguard.co/cve/CVE-2026-44020/vex.json","author":"HarborGuard Database","role":"Document Creator","timestamp":"2026-06-30T03:19:04.523Z","version":1,"tooling":"HarborGuard Database (https://database.harborguard.co)","statements":[{"vulnerability":{"name":"CVE-2026-44020","@id":"https://www.cve.org/CVERecord?id=CVE-2026-44020","description":"Docling simplifies document processing by parsing diverse formats and providing integrations with the generative AI ecosystem. From 2.13.0 until 2.74.0, the USPTO patent XML parser used the standard xml.sax.parseString() without protection against XML External Entity (XXE) attacks. An attacker could craft malicious USPTO patent XML files with external entity references that could read arbitrary files from the server filesystem, perform Server-Side Request Forgery (SSRF) attacks, or cause denial "},"products":[{"@id":"cpe:2.3:a:docling-project:docling:\\>\\=_2.13.0\\,_\\<_2.74.0:*:*:*:*:*:*:*","identifiers":{"cpe23":"cpe:2.3:a:docling-project:docling:\\>\\=_2.13.0\\,_\\<_2.74.0:*:*:*:*:*:*:*"}}],"status":"affected","action_statement":"No fixed version is published yet; monitor the upstream advisory.","timestamp":"2026-06-30T03:19:04.523Z"}]}