CVE-2026-44019 in docling-coreinfo

Summary

by MITRE • 07/17/2026

Docling Core defines core data types and transformations for the document processing application Docling. In versions 2.5.0 and above, prior to 2.74.1, docling-core could allow local file:// image references and accepted inline data: content without a decoded-size limit. In applications that accept untrusted image references, this may allow access to local files readable by the process or excessive memory use from large inline payloads. This issue has been fixed in version 2.74.1.

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

Analysis

by VulDB Data Team • 07/17/2026

The vulnerability in docling-core represents a critical security flaw that enables unauthorized local file access and potential memory exhaustion through improper handling of image references. This issue affects versions 2.5.0 through 2.74.0, creating a window where applications processing untrusted documents could be exploited by malicious actors. The core problem lies in the application's failure to properly validate and limit image data sources, specifically allowing both file:// protocol references and inline data: content without adequate size restrictions.

The technical implementation of this vulnerability stems from insufficient input validation mechanisms within the document processing pipeline. When applications accept untrusted image references through docling-core, they process both local file paths and inline base64 encoded content without enforcing proper boundaries on decoded payload sizes. This design flaw allows attackers to reference local files accessible to the running process through file:// URLs or inject large inline data payloads that can exhaust available memory resources.

The operational impact of this vulnerability extends beyond simple information disclosure to include potential system compromise and resource exhaustion. An attacker could leverage file:// references to access sensitive local files that the processing application has read permissions for, potentially exposing configuration files, credentials, or other confidential data. Additionally, the lack of decoded-size limits on inline content enables memory exhaustion attacks that could cause denial of service conditions or potentially enable further exploitation through memory corruption vulnerabilities.

This vulnerability aligns with multiple CWE classifications including CWE-22 for improper limitation of a pathname to a restricted directory and CWE-400 for unchecked resource allocation. The attack surface maps to several ATT&CK techniques such as T1059 for command and scripting interpreter execution through file access, and T1499 for network denial of service through resource exhaustion. Organizations using affected versions should prioritize immediate patching to version 2.74.1 or later.

Mitigation strategies should focus on implementing comprehensive input validation and size limitation mechanisms. Applications processing untrusted documents must enforce strict boundaries on image data sources, rejecting file:// references unless absolutely necessary and implementing strict limits on inline content sizes. The fix in version 2.74.1 addresses these concerns by introducing proper validation checks that prevent both unauthorized local file access and excessive memory consumption through controlled payload size enforcement. Security teams should also consider implementing additional monitoring for unusual file access patterns or memory usage spikes that might indicate exploitation attempts.

Responsible

GitHub M

Reservation

05/04/2026

Disclosure

07/17/2026

Moderation

accepted

CPE

ready

EPSS

0.00000

KEV

no

Activities

very low

Sources

Want to know what is going to be exploited?

We predict KEV entries!