GHSA-q29v-xc37-wh5mHighCVSS 7.1

Docling: Unsafe URI and Path Handling in HTML Backend

Published
June 3, 2026
Last Modified
June 3, 2026

🔗 CVE IDs covered (1)

📋 Description

Impact

The HTML backend did not perform sufficient validation during resource handling:

  • Accepted file:// URIs enabling local file system access when enable_local_fetch=True
  • Path resolution allowed traversal outside intended directories via ../ sequences and absolute paths
  • Did not block internal network resources under enable_remote_fetch=True
  • HTTP redirects were not validated, potentially redirecting to unintended schemes
  • No resource limits for remote image downloads and data: URIs

Patches

Fixed in versions 2.91.0 (initial fixes) and 2.94.0 (additional improvements). The fixes implement:

  • Updated local path treatment: absolute files always blocked, relative paths require enable_local_fetch=True (default: False) and containment within configured base_path for path traversal protection
  • file:// scheme stripped & treated as local path (above)
  • IP address validation to prevent SSRF
  • HTTP redirect validation, connection and read timeouts
  • Size limit for both remote images (with streaming download) and base64-decoded data URIs

Workarounds

Keep both enable_local_fetch=False and enable_remote_fetch=False (defaults) when processing untrusted HTML documents.

References

🎯 Affected products1

  • pip/docling:< 2.94.0

🔗 References (4)