{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-24009", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-01-19T18:49:20.660Z", "datePublished": "2026-01-22T15:04:52.745Z", "dateUpdated": "2026-01-22T15:59:19.883Z"}, "containers": {"cna": {"title": "Docling Core vulnerable to Remote Code Execution via unsafe PyYAML usage", "problemTypes": [{"descriptions": [{"cweId": "CWE-502", "lang": "en", "description": "CWE-502: Deserialization of Untrusted Data", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}}], "references": [{"name": "https://github.com/docling-project/docling-core/security/advisories/GHSA-vqxf-v2gg-x3hc", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/docling-project/docling-core/security/advisories/GHSA-vqxf-v2gg-x3hc"}, {"name": "https://github.com/docling-project/docling-core/issues/482", "tags": ["x_refsource_MISC"], "url": "https://github.com/docling-project/docling-core/issues/482"}, {"name": "https://github.com/docling-project/docling-core/commit/3e8d628eeeae50f0f8f239c8c7fea773d065d80c", "tags": ["x_refsource_MISC"], "url": "https://github.com/docling-project/docling-core/commit/3e8d628eeeae50f0f8f239c8c7fea773d065d80c"}, {"name": "https://github.com/advisories/GHSA-8q59-q68h-6hv4", "tags": ["x_refsource_MISC"], "url": "https://github.com/advisories/GHSA-8q59-q68h-6hv4"}, {"name": "https://github.com/docling-project/docling-core/releases/tag/v2.48.4", "tags": ["x_refsource_MISC"], "url": "https://github.com/docling-project/docling-core/releases/tag/v2.48.4"}], "affected": [{"vendor": "docling-project", "product": "docling-core", "versions": [{"version": ">= 2.21.0, < 2.48.4", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-01-22T15:04:52.745Z"}, "descriptions": [{"lang": "en", "value": "Docling Core (or docling-core) is a library that defines core data types and transformations in the document processing application Docling. A PyYAML-related Remote Code Execution (RCE) vulnerability, namely CVE-2020-14343, is exposed in docling-core starting in version 2.21.0 and prior to version 2.48.4, specifically only if the application uses pyyaml prior to version 5.4 and invokes `docling_core.types.doc.DoclingDocument.load_from_yaml()` passing it untrusted YAML data. The vulnerability has been patched in docling-core version 2.48.4. The fix mitigates the issue by switching `PyYAML` deserialization from `yaml.FullLoader` to `yaml.SafeLoader`, ensuring that untrusted data cannot trigger code execution. Users who cannot immediately upgrade docling-core can alternatively ensure that the installed version of PyYAML is 5.4 or greater."}], "source": {"advisory": "GHSA-vqxf-v2gg-x3hc", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-01-22T15:59:15.304157Z", "id": "CVE-2026-24009", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-22T15:59:19.883Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-24009", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-01-22T15:59:15.304157Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-22T15:59:17.336Z"}}], "cna": {"title": "Docling Core vulnerable to Remote Code Execution via unsafe PyYAML usage", "source": {"advisory": "GHSA-vqxf-v2gg-x3hc", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "docling-project", "product": "docling-core", "versions": [{"status": "affected", "version": ">= 2.21.0, < 2.48.4"}]}], "references": [{"url": "https://github.com/docling-project/docling-core/security/advisories/GHSA-vqxf-v2gg-x3hc", "name": "https://github.com/docling-project/docling-core/security/advisories/GHSA-vqxf-v2gg-x3hc", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/docling-project/docling-core/issues/482", "name": "https://github.com/docling-project/docling-core/issues/482", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/docling-project/docling-core/commit/3e8d628eeeae50f0f8f239c8c7fea773d065d80c", "name": "https://github.com/docling-project/docling-core/commit/3e8d628eeeae50f0f8f239c8c7fea773d065d80c", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/advisories/GHSA-8q59-q68h-6hv4", "name": "https://github.com/advisories/GHSA-8q59-q68h-6hv4", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/docling-project/docling-core/releases/tag/v2.48.4", "name": "https://github.com/docling-project/docling-core/releases/tag/v2.48.4", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "Docling Core (or docling-core) is a library that defines core data types and transformations in the document processing application Docling. A PyYAML-related Remote Code Execution (RCE) vulnerability, namely CVE-2020-14343, is exposed in docling-core starting in version 2.21.0 and prior to version 2.48.4, specifically only if the application uses pyyaml prior to version 5.4 and invokes `docling_core.types.doc.DoclingDocument.load_from_yaml()` passing it untrusted YAML data. The vulnerability has been patched in docling-core version 2.48.4. The fix mitigates the issue by switching `PyYAML` deserialization from `yaml.FullLoader` to `yaml.SafeLoader`, ensuring that untrusted data cannot trigger code execution. Users who cannot immediately upgrade docling-core can alternatively ensure that the installed version of PyYAML is 5.4 or greater."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-502", "description": "CWE-502: Deserialization of Untrusted Data"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-01-22T15:04:52.745Z"}}}, "cveMetadata": {"cveId": "CVE-2026-24009", "state": "PUBLISHED", "dateUpdated": "2026-01-22T15:59:19.883Z", "dateReserved": "2026-01-19T18:49:20.660Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-01-22T15:04:52.745Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:docling:docling-core:*:*:*:*:*:python:*:*", "matchCriteriaId": "FD7C4503-47A0-4AC3-BCF6-17C8E790F67F", "versionEndExcluding": "2.48.4", "versionStartIncluding": "2.21.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Docling Core (or docling-core) is a library that defines core data types and transformations in the document processing application Docling. A PyYAML-related Remote Code Execution (RCE) vulnerability, namely CVE-2020-14343, is exposed in docling-core starting in version 2.21.0 and prior to version 2.48.4, specifically only if the application uses pyyaml prior to version 5.4 and invokes `docling_core.types.doc.DoclingDocument.load_from_yaml()` passing it untrusted YAML data. The vulnerability has been patched in docling-core version 2.48.4. The fix mitigates the issue by switching `PyYAML` deserialization from `yaml.FullLoader` to `yaml.SafeLoader`, ensuring that untrusted data cannot trigger code execution. Users who cannot immediately upgrade docling-core can alternatively ensure that the installed version of PyYAML is 5.4 or greater."}, {"lang": "es", "value": "Docling Core (o docling-core) es una librer\u00eda que define tipos de datos centrales y transformaciones en la aplicaci\u00f3n de procesamiento de documentos Docling. Una vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo (RCE) relacionada con PyYAML, concretamente CVE-2020-14343, se expone en docling-core a partir de la versi\u00f3n 2.21.0 y anterior a la versi\u00f3n 2.48.4, espec\u00edficamente solo si la aplicaci\u00f3n utiliza pyyaml anterior a la versi\u00f3n 5.4 e invoca 'docling_core.types.doc.DoclingDocument.load_from_yaml()' pas\u00e1ndole datos YAML no confiables. La vulnerabilidad ha sido parcheada en docling-core versi\u00f3n 2.48.4. La soluci\u00f3n mitiga el problema al cambiar la deserializaci\u00f3n de 'PyYAML' de 'yaml.FullLoader' a 'yaml.SafeLoader', asegurando que los datos no confiables no puedan desencadenar la ejecuci\u00f3n de c\u00f3digo. Los usuarios que no puedan actualizar docling-core inmediatamente pueden, alternativamente, asegurarse de que la versi\u00f3n instalada de PyYAML sea 5.4 o superior."}], "id": "CVE-2026-24009", "lastModified": "2026-04-09T14:25:51.167", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 5.9, "source": "security-advisories@github.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2026-01-22T16:16:09.320", "references": [{"source": "security-advisories@github.com", "tags": ["Not Applicable"], "url": "https://github.com/advisories/GHSA-8q59-q68h-6hv4"}, {"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/docling-project/docling-core/commit/3e8d628eeeae50f0f8f239c8c7fea773d065d80c"}, {"source": "security-advisories@github.com", "tags": ["Issue Tracking"], "url": "https://github.com/docling-project/docling-core/issues/482"}, {"source": "security-advisories@github.com", "tags": ["Product", "Release Notes"], "url": "https://github.com/docling-project/docling-core/releases/tag/v2.48.4"}, {"source": "security-advisories@github.com", "tags": ["Mitigation", "Patch", "Vendor Advisory"], "url": "https://github.com/docling-project/docling-core/security/advisories/GHSA-vqxf-v2gg-x3hc"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-502"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-18T03:46:37.151584+00:00", "value": {"mitigation_remediation": ["Upgrade docling-core to version 2.48.4 or later, which switches PyYAML to SafeLoader.", "If upgrading is not immediately possible, ensure the installed PyYAML library is version 5.4 or higher to prevent unsafe loaders from being used.", "Modify or isolate YAML loading code to restrict use of load_from_yaml only on trusted input and consider implementing additional input validation or linting."], "summary": {"action": "Immediate Patch", "impact": "Remote Code Execution"}, "threat_synthesis": {"affected_systems": "The affected product is Docling Core, maintained by the docling-project, as part of the Docling document processing ecosystem. Vulnerable versions span from 2.21.0 up to, but not including, 2.48.4. Systems running any of these releases that load external YAML files via the load_from_yaml() method are susceptible.", "description_and_impact": "The vulnerability arises from Docling Core's use of PyYAML's FullLoader to deserialize user-supplied YAML documents. When the application calls load_from_yaml with untrusted data, an attacker can embed arbitrary Python objects that will be instantiated during parsing, leading to remote code execution. The issue is identified as CWE-502: Deserialization of Untrusted Data. Successful exploitation allows an attacker to run arbitrary code with the privileges of the running process.", "risk_and_exploitability": "The CVSS score of 8.1 reflects high severity; the EPSS score indicates very low current exploitation probability, and the vulnerability is not listed in the CISA KEV catalog. However, the attack vector remains remote and can be triggered without authentication if the application processes malicious YAML files, for example through an open API or upload endpoint. The patch replaces FullLoader with SafeLoader, eliminating the unsafe deserialization path."}}}}, "created": "2026-01-23T16:32:40.572027+00:00", "updated": "2026-04-18T04:00:08.403540+00:00", "vendors": ["docling-project", "docling-project$PRODUCT$docling-core"]}