What happened
Docling prior to 2.94.0 has unsafe URI and path handling in its HTML backend (CVE-2026-47214, CVSS 7.1). A second issue (CVE-2026-44018, CVSS 5.5) in the METS-GBS backend allows XXE attacks via malicious archive files. Both were patched in recent releases and represent attack vectors through the document ingestion layer of GenAI pipelines.
Why it matters
Docling is a key document processing library for GenAI applications, parsing documents for RAG pipelines and LLM context. Malicious documents submitted to a Docling-powered ingestion pipeline can exploit these flaws to read server files, trigger SSRF, or perform XXE attacks, which turns the document ingestion path into a remote attack vector against AI infrastructure.
Attack vector
The HTML backend in Docling performs unsafe URI and path handling when processing HTML documents. A maliciously crafted HTML file supplied to the document processor can exploit this to access files or resources outside the intended processing scope, potentially enabling path traversal or SSRF in document ingestion pipelines.
Affected systems
Docling < 2.94.0
Mitigation
Upgrade to Docling 2.94.0 or later. See: https://github.com/docling-project/docling/releases/tag/v2.94.0
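The following is an added example written for this note; it is not Docling's code and not the upstream patch. It shows a defence-in-depth gate that an ingestion pipeline can run on untrusted input before handing it to any document parser: it screens HTML for the three behaviours the advisory names (local file references, path traversal segments, requests to internal hosts) and screens XML members of an archive for DTD markup, which XXE requires. It also checks that the installed Docling meets the fixed version from the advisory. Assumptions: the METS archive is treated as a ZIP container, and the `PLACEHOLDER_PATH` strings stand in for any real path.

```python
"""Added example (not Docling's own code): a pre-ingestion gate for the attack
classes in the advisory (path traversal, SSRF, XXE) plus a fixed-version check.
Assumptions are marked inline; upgrading Docling remains the actual fix."""
import io
import ipaddress
import re
import zipfile
from html.parser import HTMLParser
from urllib.parse import urlparse

MIN_SAFE_VERSION = (2, 94, 0)            # from the advisory: Docling < 2.94.0 is affected
URL_ATTRS = {"href", "src", "data", "action", "poster", "background"}
ALLOWED_SCHEMES = {"http", "https", ""}  # "" = relative reference; file:, data:, etc. are rejected

def docling_is_patched(installed: str) -> bool:
    """True when a version string such as '2.94.0' is at or above the fixed version."""
    m = re.match(r"(\d+)\.(\d+)\.(\d+)", installed)
    if not m:
        raise ValueError(f"unparseable version: {installed!r}")
    return tuple(int(x) for x in m.groups()) >= MIN_SAFE_VERSION

def _is_internal_host(host: str) -> bool:
    """Loopback, private, link-local (cloud metadata) and local-only names count as internal."""
    if not host:
        return False
    if host == "localhost" or host.endswith((".localhost", ".local", ".internal")):
        return True
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return False   # public DNS name: allowed by this policy (no resolution is attempted)
    return ip.is_private or ip.is_loopback or ip.is_link_local or ip.is_reserved

class _RefCollector(HTMLParser):
    """Collects every attribute value an HTML backend might dereference."""
    def __init__(self) -> None:
        super().__init__()
        self.refs: list[tuple[str, str, str]] = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name in URL_ATTRS and value:
                self.refs.append((tag, name, value.strip()))

def check_html(doc: str) -> list[str]:
    """Return findings for an HTML document; an empty list means it passed the gate."""
    parser = _RefCollector()
    parser.feed(doc)
    findings = []
    for tag, attr, value in parser.refs:
        url = urlparse(value)
        scheme = url.scheme.lower()
        if scheme not in ALLOWED_SCHEMES:
            findings.append(f"<{tag} {attr}>: disallowed scheme {scheme!r} in {value!r}")
        elif scheme == "" and ".." in value.replace("\\", "/").split("/"):
            findings.append(f"<{tag} {attr}>: path traversal segment in {value!r}")
        elif scheme and _is_internal_host(url.hostname or ""):
            findings.append(f"<{tag} {attr}>: internal host {url.hostname!r} (SSRF risk)")
    return findings

def check_xml(doc: bytes) -> list[str]:
    """Reject XML carrying DTD markup: an XXE payload needs an entity declaration."""
    lowered = doc.lower()
    findings = []
    if b"<!doctype" in lowered:
        findings.append("DOCTYPE declaration present (external subset / entities possible)")
    if b"<!entity" in lowered:
        findings.append("ENTITY declaration present (XXE indicator)")
    return findings

def check_archive(archive: bytes) -> list[str]:
    """Assumption: the METS archive is a ZIP. Every XML member is screened before any backend sees it."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(archive)) as zf:
        for name in zf.namelist():
            if name.lower().endswith(".xml"):
                findings.extend(f"{name}: {f}" for f in check_xml(zf.read(name)))
    return findings

def build_sample_archive(members: dict[str, bytes]) -> bytes:
    """Constructed test fixture: an in-memory ZIP holding the given members."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in members.items():
            zf.writestr(name, data)
    return buf.getvalue()

if __name__ == "__main__":
    # Constructed samples for the demo, not payloads taken from the advisory.
    for label, html in {
        "benign": '<a href="https://example.com/doc">doc</a><img src="img/a.png">',
        "local file": '<img src="file:///PLACEHOLDER_PATH">',
        "traversal": '<img src="../../PLACEHOLDER_PATH">',
        "metadata endpoint": '<img src="http://169.254.169.254/">',
    }.items():
        print(f"HTML {label}: {check_html(html) or 'ok'}")
    xxe = b'<!DOCTYPE m [<!ENTITY e SYSTEM "file:///PLACEHOLDER_PATH">]><mets>&e;</mets>'
    print("archive:", check_archive(build_sample_archive({"mets.xml": xxe, "p.xml": b"<p/>"})) or "ok")
    print("Docling 2.93.0 patched?", docling_is_patched("2.93.0"))
```

Two policy choices are worth knowing before reusing this: `data:` and `mailto:` references are rejected along with `file:`, which may be too strict for some corpora, and public hostnames pass without DNS resolution, so a name that resolves to an internal address is not caught. That gap is exactly why the gate complements the upgrade rather than replacing it.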