CVE-2026-44018
Python Analisi e mitigazione delle vulnerabilità

Panoramica

CVE-2026-44018 is a moderate-severity vulnerability in the Docling Python library's METS-GBS backend that enables XML External Entity (XXE) attacks, decompression bomb (zip bomb) attacks, and unbounded archive extraction. It affects docling (pip) versions >= 2.45.0 and < 2.91.0. The advisory was published on June 2, 2026, by dolfim-ibm and added to the GitHub Advisory Database on June 3, 2026. It carries a CVSS v3.1 base score of 5.5 (Medium) (GitHub Advisory).

Dettagli tecnici

The vulnerability stems from three distinct weaknesses in Docling's METS-GBS backend: CWE-611 (Improper Restriction of XML External Entity Reference), CWE-409 (Improper Handling of Highly Compressed Data), and CWE-776 (Improper Restriction of Recursive Entity References in DTDs). The XML parser lacked hardened settings — specifically, it did not disable entity resolution, DTD loading, or network access — allowing an attacker to embed malicious external entity references in METS-GBS XML to read local files or trigger denial of service. Separately, the archive extraction logic imposed no size or member-count limits, enabling decompression bombs and unbounded resource consumption. Exploitation requires a user to open or process a maliciously crafted METS-GBS archive, making user interaction a prerequisite (GitHub Advisory, Docling Security Advisory).

Impatto

Successful exploitation can result in high availability impact through memory and disk exhaustion caused by decompression bombs or unbounded archive extraction, potentially crashing the application or the host system. XXE attacks additionally expose sensitive local files readable by the process, posing a confidentiality risk not fully reflected in the CVSS score (which scores confidentiality as None under the local-attack-vector scenario). Systems that automatically process user-supplied METS-GBS archives — such as document ingestion pipelines — are at greatest risk of resource exhaustion and data exposure (GitHub Advisory).

Passaggi di sfruttamento

  1. Craft a malicious METS-GBS archive: Create a tar archive containing a METS XML file with an XXE payload (e.g., <!DOCTYPE foo [<!ENTITY xxe SYSTEM "file:///etc/passwd">]><mets>&xxe;</mets>) to read local files, or embed a decompression bomb (e.g., a highly compressed file that expands to hundreds of megabytes) to exhaust system resources.
  2. Deliver the archive to the target: Social-engineer a user or automated pipeline running a vulnerable version of Docling (>= 2.45.0, < 2.91.0) into processing the malicious archive — for example, by submitting it through a document upload interface or sharing it as a legitimate-looking METS-GBS file.
  3. Trigger processing: The target user or system invokes Docling's METS-GBS backend to parse the archive. The unsanitized XML parser resolves the external entity or the extraction logic decompresses the bomb without limits.
  4. Achieve objective: For XXE, the resolved entity content (e.g., /etc/passwd) is embedded in the parser output, leaking sensitive file contents. For decompression bombs, memory and disk are exhausted, causing application crash or denial of service (GitHub Advisory, Docling Security Advisory).

Indicatori di compromesso

  • File System: Unexpected large temporary files or directories created during archive extraction; disk space rapidly consumed in the Docling working or temp directory.
  • Process: Docling process exhibiting abnormally high memory consumption or CPU usage during METS-GBS file processing; process crash or OOM-killer events in system logs.
  • Logs: Application error logs showing XML parsing exceptions related to external entity resolution or DTD loading; extraction errors referencing oversized files or excessive member counts (prior to patching, these would be absent — their presence post-patch indicates attempted exploitation).
  • Network: Unexpected outbound DNS or HTTP requests originating from the Docling process to external hosts during XML parsing (indicative of XXE with network-based entity URIs) (GitHub Advisory).

Mitigazione e soluzioni alternative

Upgrade docling to version 2.91.0 or later, which introduces secure XML parsing (resolve_entities=False, load_dtd=False, no_network=True) and enforces extraction limits (300 MB total, 10 MB per file, 1000 members). As a temporary workaround, avoid processing METS-GBS archives from untrusted sources; if processing is necessary, pre-validate archives in an isolated environment with strict resource limits (e.g., containers with memory/disk quotas). The fix was released on April 23, 2026, as part of Docling v2.91.0 (Docling v2.91.0 Release, GitHub Advisory).

Risorse aggiuntive


FonteQuesto report è stato generato utilizzando l'intelligenza artificiale

Imparentato Python Vulnerabilità:

CVE ID

Severità

Punteggio

Tecnologie

Nome del componente

Exploit CISA KEV

Ha la correzione

Data di pubblicazione

CVE-2026-57585HIGH7.5
  • Python logoPython
  • python-pip
NoJun 30, 2026
CVE-2026-12243HIGH7.5
  • Python logoPython
  • nltk
NoNoJun 30, 2026
CVE-2026-49986HIGH7.1
  • Python logoPython
  • neuro-cortex-memory
NoJul 01, 2026
CVE-2026-57204MEDIUM6.9
  • Python logoPython
  • pypdf
NoJun 30, 2026
GHSA-75mw-h36v-2jv7MEDIUM6.1
  • Python logoPython
  • dosage
NoJun 26, 2026

Valutazione gratuita delle vulnerabilità

Benchmark della tua posizione di sicurezza del cloud

Valuta le tue pratiche di sicurezza cloud in 9 domini di sicurezza per confrontare il tuo livello di rischio e identificare le lacune nelle tue difese.

Richiedi valutazione

Richiedi una demo personalizzata

Pronti a vedere Wiz in azione?

"La migliore esperienza utente che abbia mai visto offre piena visibilità ai carichi di lavoro cloud."
David EstlickCISO (CISO)
"Wiz fornisce un unico pannello di controllo per vedere cosa sta succedendo nei nostri ambienti cloud."
Adam FletcherResponsabile della sicurezza
"Sappiamo che se Wiz identifica qualcosa come critico, in realtà lo è."
Greg PoniatowskiResponsabile della gestione delle minacce e delle vulnerabilità