PT-2026-38412 · Unknown · Docling-Graph

Ayoub-Ibm · Published 2026-05-07 · Updated 2026-05-14

CVE-2026-44520

CVSS v3.1: 5.7 (Medium)
Vector: AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions

Docling-Graph versions prior to 1.5.1

Description

The URLInputHandler class in docling_graph/core/input/handlers.py makes HTTP requests to user-supplied URLs without validating whether the target resolves to a private, loopback, or link-local IP address. The URLValidator only verifies the scheme and that the netloc is not empty, omitting IP-level validation. Furthermore, requests.head() was called with allow_redirects=True, so an attacker can bounce a request to an internal endpoint through an intermediary URL that redirects there. An attacker controlling the --source CLI argument or the PipelineConfig.source API parameter can trigger Server-Side Request Forgery (SSRF), a flaw in which the server is coerced into making requests it was never meant to make. This can be used to reach cloud metadata endpoints and steal IAM credentials, or to reach internal services on loopback or private network ranges.

Recommendations

Update to version 1.5.1. Ensure all URLs passed to URLInputHandler come exclusively from trusted, internal sources and never from user-supplied or external input.
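As an added illustration of the two missing controls the description names (IP-level validation of the resolved target, and not following redirects blindly), the validator below is example code written for this page, not Docling-Graph's own fix. It resolves the hostname, rejects any answer that is not a global address, and walks redirects by hand with allow_redirects=False so every hop is re-checked; the resolver and HEAD function are injectable (assumed names) so the logic can be exercised with constructed data.

```python
import ipaddress
import socket
from urllib.parse import urljoin, urlparse

ALLOWED_SCHEMES = {"http", "https"}
REDIRECT_CODES = {301, 302, 303, 307, 308}


def resolve_all(host: str) -> list:
    # Default resolver: every address (v4 and v6) the name maps to, as strings.
    return sorted({info[4][0] for info in socket.getaddrinfo(host, None)})


def validate_url(url: str, resolver=resolve_all) -> bool:
    """Scheme check plus the IP-level check the original URLValidator lacked."""
    parsed = urlparse(url)
    if parsed.scheme not in ALLOWED_SCHEMES or not parsed.hostname:
        return False
    try:
        addrs = [ipaddress.ip_address(a) for a in resolver(parsed.hostname)]
    except (socket.gaierror, ValueError):
        return False
    # Every answer must be global: private, loopback, link-local (169.254.0.0/16, where
    # cloud metadata lives), ULA and reserved ranges all fail is_global. A name that
    # returns a mix of public and internal addresses is rejected as a whole.
    return bool(addrs) and all(a.is_global for a in addrs)


def head_no_redirect(url: str):
    # Real HEAD with redirects disabled; returns (status, Location header or None).
    import requests  # imported lazily so the validator itself has no third-party dependency
    resp = requests.head(url, allow_redirects=False, timeout=10)
    return resp.status_code, resp.headers.get("Location")


def safe_head(url: str, head=head_no_redirect, resolver=resolve_all, max_hops: int = 5) -> str:
    """Follow redirects by hand so each hop is validated; returns the final URL."""
    for _ in range(max_hops + 1):
        if not validate_url(url, resolver):
            raise ValueError(f"blocked URL: {url}")
        status, location = head(url)
        if status not in REDIRECT_CODES or not location:
            return url
        url = urljoin(url, location)  # relative Location values resolve against the hop
    raise ValueError("too many redirects")
```

The check runs before the connection, so a name that changes its answer between validation and connect (DNS rebinding) is not covered here; closing that gap means pinning the validated IP for the actual request.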

Tags: Fix · SSRF · Open Redirect


Weakness Enumeration

Related Identifiers

CVE-2026-44520
GHSA-FQPH-J6V6-JVGX

Affected Products

Docling-Graph