CVE-2026-44022

Docling: Potential Path Traversal via LaTeX \includegraphics and \input Commands

CVSS 5.5 MEDIUM · EPSS 0.1% · CWE-22
Vexday Risk Score: 13 (Low)
SSVC decision (CISA): Track
No sign of exploitation, so monitor.
KEV: no
Lifecycle
24 Jun 2026: Published in NVD
Recommendation: Monitor; there is no sign of exploitation for now.
Docling simplifies document processing by parsing diverse formats and providing integrations with the generative AI ecosystem. From 2.73.0 until 2.91.0, the LaTeX backend's handling of the \includegraphics, \input, and \include commands lacked path containment validation. An attacker could craft a malicious LaTeX document containing path traversal sequences to read arbitrary files accessible to the converting process, include sensitive files in the converted document output, or potentially access configuration files, credentials, or other sensitive data. This vulnerability is fixed in 2.91.0.
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Affected products
docling-project · docling
