What is the Vulnerability?
The vulnerability in Docling Core, identified as CVE-2026-44023, relates to the unsafe resolution of remote filenames. In versions >= 1.5.0 and < 2.74.1, docling-core did not sufficiently restrict the destinations of remote requests. In addition, a filename taken from a server-provided Content-Disposition header could be resolved to a local path without adequate sanitization.
Impact and Risks
The primary risk associated with this vulnerability is Server-Side Request Forgery (SSRF). In applications that accept untrusted URLs, an attacker could use this vulnerability to have the library issue requests to destinations it should not reach. Combined with the unsafe handling of server-provided filenames, these attacks could target local files outside the user-defined cache directory, potentially leading to unauthorized access or data breaches.
How was the Vulnerability Patched?
The vulnerability was patched in docling-core version 2.74.1. The fix involves adding stricter validation for remote destinations and normalizing server-provided filenames before use. This ensures that remote filenames are resolved safely and reduces the risk of SSRF attacks.
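The two controls the fix describes, restricting remote destinations and normalizing server-provided filenames before they touch the filesystem, are illustrated below. This is an added example written for this page, not docling-core's own code or its actual patch; the helper names (`is_allowed_remote_destination`, `safe_filename_from_content_disposition`, `resolve_in_cache`), the injectable `resolver`, and the sample header values are all constructed for illustration. It also covers the workaround of not passing untrusted URLs to the fetch path: the destination check is what an application would apply before handing a URL on.

```python
"""Hypothetical hardening helpers for a remote-fetch path (added example,
not docling-core's own code): restrict where a fetch may go, then reduce a
server-provided Content-Disposition filename to a safe leaf name confined
to the cache directory."""
import ipaddress
import re
import socket
from pathlib import Path
from urllib.parse import unquote, urlsplit

# Matches filename=... and filename*=... (optionally quoted) in a header value.
_CD_FILENAME = re.compile(r'filename(\*?)\s*=\s*("?)([^";]+)\2', re.IGNORECASE)


def _is_public(ip):
    """True only for globally routable unicast addresses."""
    # Unwrap IPv4-mapped IPv6 (::ffff:10.0.0.1) so the IPv4 ranges apply.
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return not (ip.is_private or ip.is_loopback or ip.is_link_local
                or ip.is_multicast or ip.is_reserved or ip.is_unspecified)


def _default_resolver(host):
    """Real DNS lookup; replaced by a stub when testing offline."""
    return [ai[4][0] for ai in socket.getaddrinfo(host, None)]


def is_allowed_remote_destination(url, resolver=_default_resolver):
    """Accept only http(s) URLs whose host resolves exclusively to public
    addresses. Hypothetical check, not the library's API."""
    try:
        parts = urlsplit(url)
    except ValueError:  # e.g. malformed IPv6 literal
        return False
    if parts.scheme not in ("http", "https"):
        return False
    host = parts.hostname
    if not host or parts.username or parts.password:
        return False
    try:
        addresses = [ipaddress.ip_address(host)]  # literal IP in the URL
    except ValueError:
        try:
            addresses = [ipaddress.ip_address(a) for a in resolver(host)]
        except (socket.gaierror, ValueError):
            return False
    # Every address must be public: a mixed answer is treated as hostile.
    return bool(addresses) and all(_is_public(a) for a in addresses)


def safe_filename_from_content_disposition(header, fallback="download.bin"):
    """Reduce a Content-Disposition header to a single safe path component."""
    if not header:
        return fallback
    m = _CD_FILENAME.search(header)
    if not m:
        return fallback
    star, raw = m.group(1), m.group(3).strip()
    if star:  # RFC 5987 form: charset'lang'percent-encoded-value
        raw = unquote(raw.split("''", 1)[-1])
    # Keep only the last path component; treat both separators as separators.
    name = raw.replace("\\", "/").rsplit("/", 1)[-1]
    # Conservative allow-list; spaces, NUL, shell metacharacters become "_".
    name = re.sub(r"[^A-Za-z0-9._-]", "_", name)
    # No leading dots: no hidden files and no "." / ".." survivors.
    name = name.lstrip(".")
    return name[:255] or fallback


def resolve_in_cache(cache_dir, name):
    """Resolve `name` under the cache directory and refuse anything that does
    not land as a direct child of it (catches traversal and symlink escapes)."""
    root = Path(cache_dir).resolve()
    target = (root / name).resolve()
    if target.parent != root:
        raise ValueError(f"refusing to resolve {name!r} outside {root}")
    return target


if __name__ == "__main__":
    # Constructed sample values, not captured from a real server.
    header = 'attachment; filename="../../etc/passwd"'
    print(safe_filename_from_content_disposition(header))      # passwd
    print(is_allowed_remote_destination("http://127.0.0.1:8080/"))  # False
```

The destination check is advisory on its own: a name that resolves to a public address at check time can resolve elsewhere when the HTTP client connects (DNS rebinding), so the client should connect to the address that passed the check rather than re-resolving, and should re-apply the check on every redirect. The filename step never trusts the server's path: whatever the header contains, only a sanitized leaf name reaches `resolve_in_cache`, which then verifies the final resolved location independently.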
Mitigation Strategies
For users who cannot immediately upgrade to version 2.74.1 or later, a recommended workaround is to avoid passing untrusted URLs into remote fetch functionality. This precaution can help mitigate the risk of exploitation until a patch can be applied.
Conclusion
The CVE-2026-44023 vulnerability in docling-core highlights the importance of secure handling of remote filenames and URLs. By understanding the nature of this vulnerability and applying the provided patches or workarounds, users can protect their applications from potential SSRF attacks.