PatchSiren

docling-project CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

HIGH | docling-project | CVE published 2026-06-24

CVE-2026-44017

CVE-2026-44017 is a high-severity vulnerability in Docling, a document processing tool, that allows for arbitrary file writes and potential remote code execution. The vulnerability exists in the EasyOCR model download functionality prior to version 2.91.0, where ZIP archives are extracted without validating member paths, enabling Zip Slip attacks. If an attacker can compromise the model download source, t [truncated]