GHSA-r3xg-rg9j-67fv

Source
https://github.com/advisories/GHSA-r3xg-rg9j-67fv
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/06/GHSA-r3xg-rg9j-67fv/GHSA-r3xg-rg9j-67fv.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-r3xg-rg9j-67fv
Aliases
  • CVE-2026-44018
Published
2026-06-03T21:13:32Z
Modified
2026-06-03T21:30:07.054679692Z
Severity
  • 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Summary
Docling: Unsafe Archive Extraction and XML Parsing in METS-GBS Backend
Details

Impact

The METS-GBS backend's XML parsing and the input document format detection lacked security controls, enabling:
  • XML External Entity (XXE) attacks to read local files or cause denial of service
  • Decompression bombs (zip bombs) that exhaust memory and disk space
  • Unbounded archive extraction that consumes system resources

An attacker could craft malicious METS-GBS archives that, when processed, could read sensitive files, exhaust system resources, or cause application crashes.

Patches

Fixed in version 2.91.0. The fix implements:
  • Secure XML parsing with resolve_entities=False, load_dtd=False, and no_network=True
  • Configurable limits: 300 MB total extraction size, 10 MB per file, 1000 members
  • Cumulative size tracking across all extractions
  • Early termination when limits are exceeded
  • Secure format detection of METS-GBS tar archives in the _detect_mets_gbs() method: a maximum file size (10 MB per file), a maximum member count (1000 members), and exception handling so that detection fails gracefully when a limit is exceeded
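The extraction limits listed above, as an added Python example that is not Docling's own code: it enforces the member-count, per-file and cumulative-size limits from the tar headers and stops at the first violation. The function names and the constructed sample archives are assumptions; the XML half of the fix (an lxml parser created with resolve_entities=False, load_dtd=False and no_network=True) is not shown here.

```python
import io
import tarfile
# Limits from the advisory's fix: 300 MB total, 10 MB per file, 1000 members.
MAX_TOTAL_BYTES = 300 * 1024 * 1024
MAX_FILE_BYTES = 10 * 1024 * 1024
MAX_MEMBERS = 1000


class ArchiveLimitExceeded(Exception):
    """Raised at the first member that pushes the archive over a limit."""


def extract_bounded(data, max_total=MAX_TOTAL_BYTES,
                    max_file=MAX_FILE_BYTES, max_members=MAX_MEMBERS):
    """Return {name: bytes} for the regular files in a tar archive.
    Count, per-file size and cumulative size are checked against the header-
    declared sizes before a member is read, so a bomb is never inflated."""
    out, total = {}, 0
    with tarfile.open(fileobj=io.BytesIO(data), mode="r:*") as tar:
        for count, member in enumerate(tar, start=1):
            if count > max_members:
                raise ArchiveLimitExceeded(f"more than {max_members} members")
            if not member.isfile():
                continue  # directories, symlinks, devices carry no payload
            if member.size > max_file:
                raise ArchiveLimitExceeded(
                    f"{member.name}: {member.size} bytes exceeds per-file limit")
            total += member.size  # cumulative tracking across all members
            if total > max_total:
                raise ArchiveLimitExceeded(
                    f"cumulative size {total} bytes exceeds {max_total}")
            out[member.name] = tar.extractfile(member).read()
    return out


def build_tar(files, compression="gz"):
    """Build an in-memory tar archive from {name: bytes} (constructed data)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode=f"w:{compression}") as tar:
        for name, content in files.items():
            info = tarfile.TarInfo(name)
            info.size = len(content)
            tar.addfile(info, io.BytesIO(content))
    return buf.getvalue()


# Constructed samples: a benign archive and a "bomb" that inflates to 200 KB.
BENIGN = build_tar({"book/mets.xml": b"<mets/>", "book/00000001.txt": b"page 1"})
BOMB = build_tar({"book/00000001.txt": b"\0" * 200_000})
```

Calling extract_bounded(BOMB, max_file=10_000) raises ArchiveLimitExceeded before the member's data is read; the same function with the default limits accepts BENIGN.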

Workarounds

Avoid processing METS-GBS archives from untrusted sources. If necessary, pre-validate archives in an isolated environment with resource limits.

References

Database specific
{
    "github_reviewed_at": "2026-06-03T21:13:32Z",
    "severity": "MODERATE",
    "cwe_ids": [
        "CWE-409",
        "CWE-611",
        "CWE-776"
    ],
    "github_reviewed": true,
    "nvd_published_at": null
}
Affected packages

PyPI / docling

Affected ranges
  • Type: ECOSYSTEM
  • Introduced: 2.45.0
  • Fixed: 2.91.0

Affected versions

2.*
2.45.0
2.46.0
2.47.0
2.47.1
2.48.0
2.49.0
2.50.0
2.51.0
2.52.0
2.53.0
2.54.0
2.55.0
2.55.1
2.56.0
2.56.1
2.57.0
2.58.0
2.59.0
2.60.0
2.60.1
2.61.0
2.61.1
2.61.2
2.62.0
2.63.0
2.64.0
2.64.1
2.65.0
2.66.0
2.67.0
2.68.0
2.69.0
2.69.1
2.70.0
2.71.0
2.72.0
2.73.0
2.73.1
2.74.0
2.75.0
2.76.0
2.77.0
2.78.0
2.79.0
2.80.0
2.81.0
2.82.0
2.83.0
2.84.0
2.85.0
2.86.0
2.87.0
2.88.0
2.89.0
2.90.0

Database specific

source
"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/06/GHSA-r3xg-rg9j-67fv/GHSA-r3xg-rg9j-67fv.json"