CVE Catalog

CVE-2026-47214

HighCVSS 7.1
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.22%

12th percentile — higher than 12% of all known CVEs

Summary

In Docling prior to version 2.94.0, unsafe URI and path handling was found in the HTML backend. This vulnerability could allow an attacker to perform unauthorized operations on files or network resources.

Risk Assessment

The organization is at risk of potential data integrity breaches or exposure of confidential information through manipulation of file paths or URIs in processed HTML documents.

Recommendation

Immediately update Docling to version 2.94.0 or later, which contains the fix for this vulnerability.

Original NVD description (English source)

Docling simplifies document processing by parsing diverse formats and providing integrations with the generative AI ecosystem. Prior to 2.94.0, the HTML backend has unsafe URI and path handling. This vulnerability is fixed in 2.94.0.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS