HIGHCVE-2026-47214Published 2026-06-26Modified 2026-06-26CNA GitHub_M

CVE-2026-47214: Docling: Unsafe URI and Path Handling in HTML Backend

Docling simplifies document processing by parsing diverse formats and providing integrations with the generative AI ecosystem. Prior to 2.94.0, the HTML backend has unsafe URI and path handling. This vulnerability is fixed in 2.94.0.

CVSS v3.1: 7.1
Severity: HIGH
Fixed in: —
Affected Products: 1

Affected packages

docling-project / docling
< 2.94.0

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L

References

https://github.com/docling-project/docling/security/advisories/GHSA-q29v-xc37-wh5m
https://github.com/docling-project/docling/releases/tag/v2.94.0

Metrics

Get notified