CVE-2026-24009
HIGH
GHSA-vqxf-v2gg-x3hc
CVSS Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
3Tags
Description
Docling Core (or docling-core) is a library that defines core data types and transformations in the document processing application Docling. A PyYAML-related Remote Code Execution (RCE) vulnerability, namely CVE-2020-14343, is exposed in docling-core starting in version 2.21.0 and prior to version 2.48.4, specifically only if the application uses pyyaml prior to version 5.4 and invokes `docling_core.types.doc.DoclingDocument.load_from_yaml()` passing it untrusted YAML data. The vulnerability has been patched in docling-core version 2.48.4. The fix mitigates the issue by switching `PyYAML` deserialization from `yaml.FullLoader` to `yaml.SafeLoader`, ensuring that untrusted data cannot trigger code execution. Users who cannot immediately upgrade docling-core can alternatively ensure that the installed version of PyYAML is 5.4 or greater.
Analysis
Remote code execution in Docling Core versions 2.21.0 through 2.48.3 allows unauthenticated attackers to execute arbitrary code when applications deserialize untrusted YAML data using the `DoclingDocument.load_from_yaml()` method with vulnerable PyYAML versions. The vulnerability stems from unsafe deserialization practices (CWE-502) and affects document processing systems using affected library versions. …
Sign in for full analysis, threat intelligence, and remediation guidance.
Remediation
Within 24 hours: Inventory all systems using docling-core and determine PyYAML versions in use; isolate systems processing untrusted documents if possible. Within 7 days: Upgrade PyYAML to version 5.4 or later on all affected systems; implement input validation and disable YAML processing of untrusted data. …
Sign in for detailed remediation steps.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today