docling-core · IA Squad

Skip to content

python · docling-coreCritical

docling-core: Local file access and memory exhaustion via image references (CVE-2025-XXXX)

docling-core versions >=2.5.0, <2.74.1 allowed local file:// image references and accepted inline data: content without a decoded-

09 Jun 2026 · act now

python · docling-coreCritical

docling-core: SSRF via unsafe Content-Disposition resolution (>=1.5.0, <2.74.1)

docling-core versions >=1.5.0, <2.74.1 did not sufficiently restrict remote request destinations and could resolve a server-provid

09 Jun 2026 · act now