CVE-2026-44018
Docling: Unsafe Archive Extraction and XML Parsing in METS-GBS Backend
Description
### Impact

The METS-GBS backend's XML parsing and the input document format detection lacked security controls, enabling:

- XML External Entity (XXE) attacks to read local files or cause denial of service
- Decompression bombs (zip bombs) to exhaust memory and disk space
- Unbounded archive extraction consuming system resources

An attacker could craft malicious METS-GBS archives that, when processed, could read sensitive files, exhaust system resources, or cause application crashes.

### Patches

Fixed in version 2.91.0. The fix implements:

- Secure XML parsing with `resolve_entities=False`, `load_dtd=False`, and `no_network=True`
- Configurable limits: 300 MB total extraction size, 10 MB per file, 1000 member count
- Cumulative size tracking across all extractions
- Early termination when limits are exceeded
- Secure format detection of METS-GBS tar archives with the `_detect_mets_gbs()` method: maximum file size (10 MB per file), maximum member count (1000 members), and exception handling to fail gracefully when limits are exceeded

### Workarounds

Avoid processing METS-GBS archives from untrusted sources. If necessary, pre-validate archives in an isolated environment with resource limits.

### References

- Fix release: [v2.91.0](https://github.com/docling-project/docling/releases/tag/v2.91.0)
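As an added illustration of the mitigations the patch describes (example code written for this page, not docling's own `_detect_mets_gbs()` implementation), the following Python enforces the advisory's three archive limits on a tar archive while counting the bytes actually read rather than trusting header claims, aborts at the first limit crossed, and builds an lxml parser with the three flags named above. lxml is assumed to be installed for the XML helpers; the default limit constants, the `ArchiveLimitExceeded` exception, the member-name check (an extra safeguard the advisory does not list) and the sample archives are this example's own constructions.

```python
import io
import tarfile

try:
    from lxml import etree  # assumed available; only the XML helpers need it
except ImportError:
    etree = None

# Limits taken from the advisory text; the constants are this example's, not docling's.
MAX_TOTAL_BYTES = 300 * 1024 * 1024   # 300 MB cumulative across all members
MAX_FILE_BYTES = 10 * 1024 * 1024     # 10 MB per member
MAX_MEMBERS = 1000                    # member count
CHUNK = 64 * 1024


class ArchiveLimitExceeded(Exception):
    """Raised as soon as a limit is crossed so the caller stops reading (early termination)."""


def make_hardened_parser():
    """lxml parser configured with the three settings named in the advisory (hypothetical helper)."""
    if etree is None:
        raise RuntimeError("lxml is required for the XML part of this example")
    return etree.XMLParser(
        resolve_entities=False,  # never substitute entity references, so no external file reads
        load_dtd=False,          # do not fetch or apply external DTDs
        no_network=True,         # no network access during parsing
        huge_tree=False,         # keep libxml2's default depth and size protections
    )


def parse_mets_xml(data: bytes):
    """Parse METS XML bytes with the hardened parser and return the root element."""
    return etree.fromstring(data, parser=make_hardened_parser())


def _is_safe_member_name(name: str) -> bool:
    # Extra check not listed in the advisory: refuse absolute paths and '..' components.
    parts = name.replace("\\", "/").split("/")
    return not name.startswith("/") and ".." not in parts


def extract_all_bounded(data: bytes, max_total=MAX_TOTAL_BYTES,
                        max_file=MAX_FILE_BYTES, max_members=MAX_MEMBERS) -> dict:
    """Extract regular files from a (possibly gzipped) tar into memory, enforcing the limits."""
    consumed = 0            # cumulative bytes read across every member extracted so far
    out = {}
    with tarfile.open(fileobj=io.BytesIO(data), mode="r:*") as tf:
        for index, member in enumerate(tf, start=1):      # walks headers; no payload read yet
            if index > max_members:
                raise ArchiveLimitExceeded(f"more than {max_members} members")
            if not _is_safe_member_name(member.name):
                raise ArchiveLimitExceeded(f"unsafe member name {member.name!r}")
            if not member.isfile():
                continue                                   # skip links, devices, directories
            if member.size > max_file:                     # cheap first check on the header claim
                raise ArchiveLimitExceeded(f"{member.name} claims {member.size} bytes > {max_file}")
            src = tf.extractfile(member)
            chunks, read_here = [], 0
            while True:
                chunk = src.read(CHUNK)
                if not chunk:
                    break
                read_here += len(chunk)
                consumed += len(chunk)
                if read_here > max_file or consumed > max_total:   # real bytes, not the header
                    raise ArchiveLimitExceeded(f"limit exceeded while reading {member.name}")
                chunks.append(chunk)
            out[member.name] = b"".join(chunks)
    return out


def build_tar(members: dict) -> bytes:
    """Build a small gzipped tar in memory (constructed test input, not a real METS-GBS archive)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tf:
        for name, payload in members.items():
            info = tarfile.TarInfo(name=name)
            info.size = len(payload)
            tf.addfile(info, io.BytesIO(payload))
    return buf.getvalue()


# Constructed samples: a benign archive, an oversized member, and too many members.
SAMPLE_OK = build_tar({"book/mets.xml": b"<mets/>", "book/page1.txt": b"hello"})
SAMPLE_OVERSIZED = build_tar({"big.bin": b"\0" * (64 * 1024)})
SAMPLE_TOO_MANY = build_tar({f"p{i}.txt": b"x" for i in range(5)})


def safe_extract_result(data: bytes, **limits) -> str:
    """'ok' or the rejection reason, for callers that prefer a status to an exception."""
    try:
        extract_all_bounded(data, **limits)
        return "ok"
    except ArchiveLimitExceeded as exc:
        return f"rejected: {exc}"


if __name__ == "__main__":
    print(safe_extract_result(SAMPLE_OK))
    print(safe_extract_result(SAMPLE_OVERSIZED, max_file=32 * 1024))
    print(safe_extract_result(SAMPLE_TOO_MANY, max_members=3))
```

The header-size check rejects an obviously oversized member before any payload is read, but the per-chunk accounting is what actually bounds memory: a gzip-compressed tar can expand far beyond its on-disk size, so the budget is charged against bytes produced by decompression, and the loop stops at the first chunk that crosses either the per-file or the cumulative limit.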
How to fix CVE-2026-44018
To remediate CVE-2026-44018, upgrade the affected package to a fixed version below.
- Upgrade to 2.91.0 or later
Is CVE-2026-44018 being exploited?
No exploitation signal available. Neither CISA KEV nor a current EPSS score has been published for CVE-2026-44018.
Affected packages (1)
- >= 2.45.0, < 2.91.0
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM (5.5) | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |