CVE-2026-44017— Docling: Unsafe Zip Extraction in EasyOCR Model Download
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-44017
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Docling: Unsafe Zip Extraction in EasyOCR Model Download
Source: NVD (National Vulnerability Database)
Vulnerability Description
Docling simplifies document processing by parsing diverse formats and providing integrations with the generative AI ecosystem. Prior to 2.91.0, the EasyOCR model download functionality extracted ZIP archives without validating member paths, enabling Zip Slip attacks. If an attacker could compromise the model download source (via supply chain attack, DNS spoofing, or MITM), they could write arbitrary files to any location writable by the process, potentially achieving remote code execution by overwriting Python files or system binaries, persistent backdoors by modifying startup scripts or SSH keys, and data corruption or system compromise. This vulnerability is fixed in 2.91.0.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
对路径名的限制不恰当(路径遍历)
Source: NVD (National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| docling-project | docling | < 2.91.0 | - |
II. Public POCs for CVE-2026-44017
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-44017
请登录查看更多情报信息。
Other References for CVE-2026-44017 (2)
- 🔗 Release v2.91.0 · docling-project/docling · GitHubx_refsource_MISC
Same Patch Batch · docling-project · 2026-06-24 · 4 CVEs total
| CVE-2026-44016 | 8.2 HIGH | Docling: Unsafe Playwright-based HTML Rendering |
| CVE-2026-44020 | 7.5 HIGH | Docling: Unsafe XML Entity Expansion in USPTO Patent Backend |
| CVE-2026-44022 | 5.5 MEDIUM | Docling: Potential Path Traversal via LaTeX \includegraphics and \input Commands |
IV. Related Vulnerabilities
Same product: docling
- CVE-2026-47214
Docling: Unsafe URI and Path Handling in HTML Backend - CVE-2026-44018
Docling: Unsafe Archive Extraction and XML Parsing in METS-G - CVE-2026-44022
Docling: Potential Path Traversal via LaTeX \includegraphics - CVE-2026-44020
Docling: Unsafe XML Entity Expansion in USPTO Patent Backend - CVE-2026-44016
Docling: Unsafe Playwright-based HTML Rendering
Same vendor: docling-project
- CVE-2026-47214
Docling: Unsafe URI and Path Handling in HTML Backend - CVE-2026-44018
Docling: Unsafe Archive Extraction and XML Parsing in METS-G - CVE-2026-44022
Docling: Potential Path Traversal via LaTeX \includegraphics - CVE-2026-44020
Docling: Unsafe XML Entity Expansion in USPTO Patent Backend - CVE-2026-44016
Docling: Unsafe Playwright-based HTML Rendering
Same weakness: CWE-22
- CVE-2026-54557
mise HTTP backend uses raw version path for install symlink - CVE-2026-56876
extract-zip unvalidated symlink path traversal - CVE-2026-55677
Echo: Encoded slash (%2F) bypasses route-level protection an - CVE-2026-57321
WordPress H5P plugin <= 1.17.7 - Arbitrary File Deletion vul - CVE-2026-56066
WordPress ShortPixel Adaptive Images plugin <= 3.11.4 - Arbi
V. Comments for CVE-2026-44017
No comments yet