CNNVD-202601-3810 Information
CNNVD ID
CNNVD-202601-3810
Related CVE
- CNNVD Published: 2026-01-22
Description (Chinese)
Docling Core是Docling Project开源的一个Python库。 Docling Core 2.21.0版本至2.48.4之前版本存在代码问题漏洞,该漏洞源于PyYAML反序列化问题,可能导致远程代码执行。
Description (English)
Docling Core is a Python library of open-source Docling Projects. Docling Core, version 2.21.0 to previous version 2.48.4, has a code problem loophole, which stems from PyYAML ’ s inverse sequence, which may lead to remote code execution.
Hazard Level
Medium
Vulnerability Type
代码问题
Affected Vendor
Docling Project
Published
2026-01-22
Last Modified
2026-02-24
References
https://github.com/advisories/GHSA-8q59-q68h-6hv4 https://github.com/docling-project/docling-core/commit/3e8d628eeeae50f0f8f239c8c7fea773d065d80c https://github.com/docling-project/docling-core/issues/482 https://github.com/docling-project/docling-core/releases/tag/v2.48.4 https://github.com/docling-project/docling-core/security/advisories/GHSA-vqxf-v2gg-x3hc
Patch
https://github.com/docling-project/docling-core/releases
Share on: