HIGH
docling-project
CVE published 2026-06-24
CVE-2026-44017
CVE-2026-44017 is a high-severity vulnerability in Docling, a document processing tool, that allows for arbitrary file writes and potential remote code execution. The vulnerability exists in the EasyOCR model download functionality prior to version 2.91.0, where ZIP archives are extracted without validating member paths, enabling Zip Slip attacks. If an attacker can compromise the model download source, t [truncated]