<Vulnerability name="CVE-2026-44018">
    <DocumentDistribution xml:lang="en">Copyright © 2012 Red Hat, Inc. All rights reserved.</DocumentDistribution>
    <ThreatSeverity>Moderate</ThreatSeverity>
    <PublicDate>2026-06-26T15:40:42</PublicDate>
    <Bugzilla id="2493607" url="https://bugzilla.redhat.com/show_bug.cgi?id=2493607" xml:lang="en:us">
docling: Docling: Denial of Service via crafted document archives
    </Bugzilla>
    <CVSS3 status="draft">
        <CVSS3BaseScore>5.5</CVSS3BaseScore>
        <CVSS3ScoringVector>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H</CVSS3ScoringVector>
    </CVSS3>
    <CWE>CWE-611</CWE>
    <Details xml:lang="en:us" source="Mitre">
Docling simplifies document processing by parsing diverse formats and providing integrations with the generative AI ecosystem. From 2.45.0 until 2.91.0, the METS-GBS backend's XML parsing and the input document format detection lacked security controls. An attacker could craft malicious METS-GBS archives that, when processed, could read sensitive files, exhaust system resources, or cause application crashes. This vulnerability is fixed in 2.91.0.
    </Details>
    <Details xml:lang="en:us" source="Red Hat">
A flaw was found in Docling, a tool for document processing. The METS-GBS backend, responsible for parsing XML and detecting document formats, lacked sufficient security controls. This allowed an attacker to create specially crafted METS-GBS archives. When these archives were processed, they could lead to the exhaustion of system resources or cause the application to crash, resulting in a Denial of Service (DoS). Additionally, this vulnerability could also enable the disclosure of sensitive files.
    </Details>
    <Statement xml:lang="en:us">
The vulnerability in Docling, rated Moderate, allows for sensitive file disclosure and denial of service within Red Hat OpenShift AI when processing untrusted METS-GBS archives. This is due to insufficient security controls in the XML parsing and document format detection, which an attacker could exploit using crafted archives to trigger XML External Entity (XXE) attacks or decompression bombs.
    </Statement>
    <Mitigation xml:lang="en:us">
To mitigate this issue, avoid processing METS-GBS archives from untrusted or unverified sources. If processing such archives is unavoidable, ensure they are pre-validated within an isolated environment with strict resource limits to prevent resource exhaustion and unauthorized file access.
    </Mitigation>
    <PackageState cpe="cpe:/a:redhat:openshift_ai">
        <ProductName>Red Hat OpenShift AI (RHOAI)</ProductName>
        <FixState>Affected</FixState>
        <PackageName>rhoai/odh-autorag-rhel9</PackageName>
    </PackageState>
    <References xml:lang="en:us">
https://www.cve.org/CVERecord?id=CVE-2026-44018
https://nvd.nist.gov/vuln/detail/CVE-2026-44018
https://github.com/docling-project/docling/releases/tag/v2.91.0
https://github.com/docling-project/docling/security/advisories/GHSA-r3xg-rg9j-67fv
    </References>
</Vulnerability>