PT-2026-46104 — Docling

PT-2026-46104 · Pypi · Docling

Published

2026-06-03

Updated

2026-06-03

CVSS v3.1

7.1

High

Vector

AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L

The HTML backend did not perform sufficient validation during resource handling:

Accepted file:// URIs enabling local file system access when enable local fetch=True
Path resolution allowed traversal outside intended directories via ../ sequences and absolute paths
Did not block internal network resources under enable remote fetch=True
HTTP redirects were not validated, potentially redirecting to unintended schemes
No resource limits for remote image downloads and data: URIs

Fixed in versions 2.91.0 (initial fixes) and 2.94.0 (additional improvements). The fixes implement:

Updated local path treatment: absolute files always blocked, relative paths require enable local fetch=True (default: False) and containment within configured base path for path traversal protection
file:// scheme stripped & treated as local path (above)
IP address validation to prevent SSRF
HTTP redirect validation, connection and read timeouts
Size limit for both remote images (with streaming download) and base64-decoded data URIs

Keep both enable local fetch=False and enable remote fetch=False (defaults) when processing untrusted HTML documents.

Fix

Resource Exhaustion

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

GHSA-Q29V-XC37-WH5M

Docling