Skip to main content

Docling CVE-2026-44016

| EUVDEUVD-2026-39003 HIGH
Code Injection (CWE-94)
2026-06-03 https://github.com/docling-project/docling GHSA-pj2v-ggqh-cmq2
8.2
CVSS 3.1 · Vendor: https://github.com/docling-project/docling
Share

Severity by source

Vendor (https://github.com/docling-project/docling) PRIMARY
8.2 HIGH
AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:L
Red Hat
8.2 HIGH
qualitative

Primary rating from Vendor (https://github.com/docling-project/docling).

CVSS VectorVendor: https://github.com/docling-project/docling

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:L
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
Required
Scope
Changed
Confidentiality
High
Integrity
High
Availability
Low

Lifecycle Timeline

3
Source Code Evidence Fetched
Jun 03, 2026 - 21:48 vuln.today
Analysis Generated
Jun 03, 2026 - 21:48 vuln.today
CVE Published
Jun 03, 2026 - 21:09 nvd
HIGH 8.2

DescriptionCVE.org

Impact

In versions >= 2.82.0, < 2.91.0, if the HTML backend was explicitly configured for rendering (rendering option by default deactivated), then the Playwright-based rendering feature could allow JavaScript execution and unrestricted network access when processing untrusted HTML documents. An attacker could craft malicious HTML that executes arbitrary JavaScript in the rendering context or makes unauthorized network requests to internal services, potentially leading to SSRF attacks, data exfiltration, or remote code execution in the rendering environment.

Patches

Fixed in version 2.91.0. The rendering context now explicitly disables JavaScript execution (java_script_enabled=False) and implements network isolation controls. When enable_remote_fetch is disabled, the browser operates in offline mode, preventing all network requests.

Workarounds

Refrain from using render_page=True when processing untrusted HTML documents.

References

AnalysisAI

Server-side request forgery and potential remote code execution in Docling versions 2.82.0 through 2.90.x affect deployments that explicitly enable the Playwright-based HTML rendering backend. When render_page=True is set, untrusted HTML documents can execute arbitrary JavaScript in the rendering browser context and reach internal network services, enabling SSRF, data exfiltration, or code execution in the rendering environment. No public exploit identified at time of analysis, and the issue is not in CISA KEV, but a vendor-confirmed fix exists in 2.91.0.

Technical ContextAI

Docling is a Python document-processing library (pkg:pip/docling) that converts documents such as HTML into structured outputs. The vulnerable code path uses Playwright - a headless-browser automation framework - to render HTML pages when the optional rendering mode is enabled. Because the browser context was launched with JavaScript execution allowed and without network isolation, any script tags or fetch/XHR calls inside attacker-supplied HTML executed against the rendering host's network position. The root cause is classified as CWE-94 (Improper Control of Generation of Code, i.e. code injection): untrusted HTML is effectively executed as code inside a privileged browser session that has access to the host's internal network.

RemediationAI

Vendor-released patch: 2.91.0 - upgrade Docling to version 2.91.0 or later, where the rendering context is launched with java_script_enabled=False and network access is gated by enable_remote_fetch (which, when disabled, runs the browser fully offline). The vendor-supplied workaround for sites that cannot upgrade immediately is to refrain from setting render_page=True when processing untrusted HTML documents; this prevents the vulnerable Playwright path from being invoked but also removes the visual rendering capability for those workloads. Additional compensating controls include running the rendering worker in a network-isolated container with egress restricted to required hosts only (mitigates SSRF reach but adds operational complexity) and validating/sanitizing inbound HTML upstream. Refer to the GHSA advisory at https://github.com/docling-project/docling/security/advisories/GHSA-pj2v-ggqh-cmq2 and the 2.91.0 release notes at https://github.com/docling-project/docling/releases/tag/v2.91.0.

Vendor StatusVendor

Share

CVE-2026-44016 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy