CVE-2026-44019: Docling Core: Insufficient validation of image reference URIs

Impact In versions >= 2.5.0, = 2.74.1 Workarounds If upgrading is not immediately possible: reject file: and data: image references from untrusted input allow only approved local or remote image sources apply input size…

8.1CVSS Score

HIGHSeverity

NOCISA KEV

VulnerabilityImpact Type

📋 Vulnerability Details

CVE ID	CVE-2026-44019
Vendor	pip
Affected Product	docling-core
Vulnerability Type	Vulnerability
CVSS Score	8.1 (HIGH)
Actively Exploited	❌ No known exploitation
Patch Status	See Vendor Advisory →
Reported By	CYBERDUDEBIVASH SENTINEL APEX Intelligence (via github_advisories)

🔬 Technical Analysis

Impact

In versions >= 2.5.0, = 2.74.1

Workarounds

• reject file: and data: image references from untrusted input

• allow only approved local or remote image sources

• apply input size and memory limits to processing workers

If upgrading is not immediately possible:

References

• Fix release: [v2.74.1](https://github.com/docling-project/docling-core/releases/tag/v2.74.1)

🎯 Known Indicators of Compromise

{"type":"url","value":"https://github.com/docling-project/docling-core/releases/tag/v2.74.1)","confidence_score":0.82,"first_seen":"2026-06-03","source_count":1}

📚 Advisory References

⚡ DETECTION RULES AVAILABLE

Get CVE-2026-44019 Detection Pack

Sigma rules, YARA signatures, IOC table, and SIEM queries for Splunk, Elastic, Sentinel, and Chronicle — deployable in 5 minutes.

✓ Sigma Rules ✓ YARA Pack ✓ IOC Table ✓ SIEM Queries

🛡️ Get Detection Pack → 🔌 Access via API →