SecBoard
Zurück zur CVE-Übersicht

CVE-2026-44019

HIGH(8.1)

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H

Risk Signal Score30/100 — MITTEL
  • CVSS 8.1 — Hoch
  • Weniger als 24 Stunden alt

Beschreibung

Docling Core defines core data types and transformations for the document processing application Docling. In versions 2.5.0 and above, prior to 2.74.1, docling-core could allow local file:// image references and accepted inline data: content without a decoded-size limit. In applications that accept untrusted image references, this may allow access to local files readable by the process or excessive memory use from large inline payloads. This issue has been fixed in version 2.74.1.

GitHub Advisories

GHSA-j5xp-7m2f-49jvHIGH

Docling Core: Insufficient validation of image reference URIs

pip/docling-core2.74.1
GitHub Advisory

Referenzen