PYSEC-2026-2146

See a problem?
Import Source
https://github.com/pypa/advisory-database/blob/main/vulns/docling/PYSEC-2026-2146.yaml
JSON Data
https://api.osv.dev/v1/vulns/PYSEC-2026-2146
Aliases
Published
2026-06-26T16:16:31.373Z
Modified
2026-07-13T07:15:23.485689409Z
Severity
  • 7.1 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L CVSS Calculator
Summary
[none]
Details

Docling simplifies document processing by parsing diverse formats and providing integrations with the generative AI ecosystem. Prior to 2.94.0, the HTML backend has unsafe URI and path handling. This vulnerability is fixed in 2.94.0.

References

Affected packages

PyPI / docling

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.94.0

Affected versions

0.*
0.1.0
0.1.1
0.1.2
0.2.0
0.3.0
0.3.1
0.4.0
1.*
1.0.0
1.0.1
1.0.2
1.1.0
1.1.1
1.1.2
1.2.0
1.2.1
1.3.0
1.4.0
1.5.0
1.6.0
1.6.1
1.6.2
1.6.3
1.7.0
1.7.1
1.8.0
1.8.1
1.8.2
1.8.3
1.8.4
1.8.5
1.9.0
1.10.0
1.11.0
1.12.0
1.12.1
1.12.2
1.13.0
1.13.1
1.14.0
1.15.0
1.16.0
1.16.1
1.17.0
1.18.0
1.19.0
1.19.1
1.20.0
2.*
2.0.0
2.1.0
2.2.0
2.2.1
2.3.0
2.3.1
2.4.0
2.4.1
2.4.2
2.5.0
2.5.1
2.5.2
2.6.0
2.7.0
2.7.1
2.8.0
2.8.1
2.8.2
2.8.3
2.9.0
2.10.0
2.11.0
2.12.0
2.13.0
2.14.0
2.15.0
2.15.1
2.16.0
2.17.0
2.18.0
2.19.0
2.20.0
2.21.0
2.22.0
2.23.0
2.23.1
2.24.0
2.25.0
2.25.1
2.25.2
2.26.0
2.27.0
2.28.0
2.28.1
2.28.2
2.28.3
2.28.4
2.29.0
2.30.0
2.31.0
2.31.1
2.31.2
2.32.0
2.33.0
2.34.0
2.35.0
2.36.0
2.36.1
2.37.0
2.38.0
2.38.1
2.39.0
2.40.0
2.41.0
2.42.0
2.42.1
2.42.2
2.43.0
2.44.0
2.45.0
2.46.0
2.47.0
2.47.1
2.48.0
2.49.0
2.50.0
2.51.0
2.52.0
2.53.0
2.54.0
2.55.0
2.55.1
2.56.0
2.56.1
2.57.0
2.58.0
2.59.0
2.60.0
2.60.1
2.61.0
2.61.1
2.61.2
2.62.0
2.63.0
2.64.0
2.64.1
2.65.0
2.66.0
2.67.0
2.68.0
2.69.0
2.69.1
2.70.0
2.71.0
2.72.0
2.73.0
2.73.1
2.74.0
2.75.0
2.76.0
2.77.0
2.78.0
2.79.0
2.80.0
2.81.0
2.82.0
2.83.0
2.84.0
2.85.0
2.86.0
2.87.0
2.88.0
2.89.0
2.90.0
2.91.0
2.92.0
2.93.0

Database specific

source
"https://github.com/pypa/advisory-database/blob/main/vulns/docling/PYSEC-2026-2146.yaml"