GHSA-q29v-xc37-wh5m

Source

https://github.com/advisories/GHSA-q29v-xc37-wh5m

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/06/GHSA-q29v-xc37-wh5m/GHSA-q29v-xc37-wh5m.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-q29v-xc37-wh5m

Aliases

CVE-2026-47214

Published

2026-06-03T21:15:02Z

Modified

2026-06-03T21:30:07.092739486Z

Severity

7.1 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L CVSS Calculator

Summary

Docling: Unsafe URI and Path Handling in HTML Backend

Details

Impact

The HTML backend did not perform sufficient validation during resource handling: - Accepted file:// URIs enabling local file system access when enable_local_fetch=True - Path resolution allowed traversal outside intended directories via ../ sequences and absolute paths - Did not block internal network resources under enable_remote_fetch=True - HTTP redirects were not validated, potentially redirecting to unintended schemes - No resource limits for remote image downloads and data: URIs

Patches

Fixed in versions 2.91.0 (initial fixes) and 2.94.0 (additional improvements). The fixes implement: - Updated local path treatment: absolute files always blocked, relative paths require enable_local_fetch=True (default: False) and containment within configured base_path for path traversal protection - file:// scheme stripped & treated as local path (above) - IP address validation to prevent SSRF - HTTP redirect validation, connection and read timeouts - Size limit for both remote images (with streaming download) and base64-decoded data URIs

Workarounds

Keep both enable_local_fetch=False and enable_remote_fetch=False (defaults) when processing untrusted HTML documents.

References

Initial fixes: v2.91.0
Additional improvements: v2.94.0

Database specific

{
    "nvd_published_at": null,
    "cwe_ids": [
        "CWE-400",
        "CWE-73"
    ],
    "severity": "HIGH",
    "github_reviewed": true,
    "github_reviewed_at": "2026-06-03T21:15:02Z"
}

References

Affected packages

PyPI / docling

Package

Name: docling; View open source insights on deps.dev
Purl: pkg:pypi/docling

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.94.0

Affected versions

0.*

0.1.0

0.1.1

0.1.2

0.2.0

0.3.0

0.3.1

0.4.0

1.*

1.0.0

1.0.1

1.0.2

1.1.0

1.1.1

1.1.2

1.2.0

1.2.1

1.3.0

1.4.0

1.5.0

1.6.0

1.6.1

1.6.2

1.6.3

1.7.0

1.7.1

1.8.0

1.8.1

1.8.2

1.8.3

1.8.4

1.8.5

1.9.0

1.10.0

1.11.0

1.12.0

1.12.1

1.12.2

1.13.0

1.13.1

1.14.0

1.15.0

1.16.0

1.16.1

1.17.0

1.18.0

1.19.0

1.19.1

1.20.0

2.*

2.0.0

2.1.0

2.2.0

2.2.1

2.3.0

2.3.1

2.4.0

2.4.1

2.4.2

2.5.0

2.5.1

2.5.2

2.6.0

2.7.0

2.7.1

2.8.0

2.8.1

2.8.2

2.8.3

2.9.0

2.10.0

2.11.0

2.12.0

2.13.0

2.14.0

2.15.0

2.15.1

2.16.0

2.17.0

2.18.0

2.19.0

2.20.0

2.21.0

2.22.0

2.23.0

2.23.1

2.24.0

2.25.0

2.25.1

2.25.2

2.26.0

2.27.0

2.28.0

2.28.1

2.28.2

2.28.3

2.28.4

2.29.0

2.30.0

2.31.0

2.31.1

2.31.2

2.32.0

2.33.0

2.34.0

2.35.0

2.36.0

2.36.1

2.37.0

2.38.0

2.38.1

2.39.0

2.40.0

2.41.0

2.42.0

2.42.1

2.42.2

2.43.0

2.44.0

2.45.0

2.46.0

2.47.0

2.47.1

2.48.0

2.49.0

2.50.0

2.51.0

2.52.0

2.53.0

2.54.0

2.55.0

2.55.1

2.56.0

2.56.1

2.57.0

2.58.0

2.59.0

2.60.0

2.60.1

2.61.0

2.61.1

2.61.2

2.62.0

2.63.0

2.64.0

2.64.1

2.65.0

2.66.0

2.67.0

2.68.0

2.69.0

2.69.1

2.70.0

2.71.0

2.72.0

2.73.0

2.73.1

2.74.0

2.75.0

2.76.0

2.77.0

2.78.0

2.79.0

2.80.0

2.81.0

2.82.0

2.83.0

2.84.0

2.85.0

2.86.0

2.87.0

2.88.0

2.89.0

2.90.0

2.91.0

2.92.0

2.93.0

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/06/GHSA-q29v-xc37-wh5m/GHSA-q29v-xc37-wh5m.json"