GHSA-VQXF-V2GG-X3HC

Vulnerability from github – Published: 2026-01-22 18:02 – Updated: 2026-01-22 18:43
VLAI?
Summary
docling-core vulnerable to Remote Code Execution via unsafe PyYAML usage
Details

Impact

A PyYAML-related Remote Code Execution (RCE) vulnerability, namely CVE-2020-14343, is exposed in docling-core >=2.21.0, <2.48.4 and, specifically only if the application uses pyyaml < 5.4 and invokes docling_core.types.doc.DoclingDocument.load_from_yaml() passing it untrusted YAML data.

Patches

The vulnerability has been patched in docling-core version 2.48.4. The fix mitigates the issue by switching PyYAML deserialization from yaml.FullLoader to yaml.SafeLoader, ensuring that untrusted data cannot trigger code execution.

Workarounds

Users who cannot immediately upgrade docling-core can alternatively ensure that the installed version of PyYAML is 5.4 or greater, which supposedly patches CVE-2020-14343.

References

  • GitHub Issue: #482
  • Upstream Advisory: CVE-2020-14343
  • Fix Release: v2.48.4
Severity ?
8.1 (High)
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Show details on source website
To clipboard 

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "docling-core"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.21.0"
            },
            {
              "fixed": "2.48.4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-24009"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-502"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-01-22T18:02:45Z",
    "nvd_published_at": "2026-01-22T16:16:09Z",
    "severity": "HIGH"
  },
  "details": "### Impact\n\nA PyYAML-related Remote Code Execution (RCE) vulnerability, namely CVE-2020-14343, is exposed in `docling-core \u003e=2.21.0, \u003c2.48.4` and, specifically only if the application uses `pyyaml \u003c 5.4` and invokes `docling_core.types.doc.DoclingDocument.load_from_yaml()` passing it untrusted YAML data.\n\n### Patches\n\nThe vulnerability has been patched in `docling-core` version **2.48.4**.\nThe fix mitigates the issue by switching `PyYAML` deserialization from `yaml.FullLoader` to `yaml.SafeLoader`, ensuring that untrusted data cannot trigger code execution.\n\n### Workarounds\n\nUsers who cannot immediately upgrade `docling-core` can alternatively ensure that the installed version of `PyYAML` is **5.4 or greater**, which supposedly patches CVE-2020-14343.\n\n### References\n\n* GitHub Issue: #482\n* Upstream Advisory: CVE-2020-14343\n* Fix Release: [v2.48.4](https://github.com/docling-project/docling-core/releases/tag/v2.48.4)",
  "id": "GHSA-vqxf-v2gg-x3hc",
  "modified": "2026-01-22T18:43:42Z",
  "published": "2026-01-22T18:02:45Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/docling-project/docling-core/security/advisories/GHSA-vqxf-v2gg-x3hc"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24009"
    },
    {
      "type": "WEB",
      "url": "https://github.com/docling-project/docling-core/issues/482"
    },
    {
      "type": "WEB",
      "url": "https://github.com/docling-project/docling-core/commit/3e8d628eeeae50f0f8f239c8c7fea773d065d80c"
    },
    {
      "type": "ADVISORY",
      "url": "https://github.com/advisories/GHSA-8q59-q68h-6hv4"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/docling-project/docling-core"
    },
    {
      "type": "WEB",
      "url": "https://github.com/docling-project/docling-core/releases/tag/v2.48.4"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "docling-core vulnerable to Remote Code Execution via unsafe PyYAML usage"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.