{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-44016", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-05-04T21:24:36.506Z", "datePublished": "2026-06-24T17:42:42.434Z", "dateUpdated": "2026-06-30T12:08:28.576Z"}, "containers": {"cna": {"title": "Docling: Unsafe Playwright-based HTML Rendering", "problemTypes": [{"descriptions": [{"cweId": "CWE-94", "lang": "en", "description": "CWE-94: Improper Control of Generation of Code ('Code Injection')", "type": "CWE"}]}, {"descriptions": [{"cweId": "CWE-918", "lang": "en", "description": "CWE-918: Server-Side Request Forgery (SSRF)", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:L", "version": "3.1"}}], "references": [{"name": "https://github.com/docling-project/docling/security/advisories/GHSA-pj2v-ggqh-cmq2", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/docling-project/docling/security/advisories/GHSA-pj2v-ggqh-cmq2"}, {"name": "https://github.com/docling-project/docling/releases/tag/v2.91.0", "tags": ["x_refsource_MISC"], "url": "https://github.com/docling-project/docling/releases/tag/v2.91.0"}], "affected": [{"vendor": "docling-project", "product": "docling", "versions": [{"version": ">= 2.82.0, < 2.91.0", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-06-24T17:42:42.434Z"}, "descriptions": [{"lang": "en", "value": "Docling simplifies document processing by parsing diverse formats and providing integrations with the generative AI ecosystem. FIn versions >= 2.82.0, < 2.91.0, if the HTML backend was explicitly configured for rendering (rendering option by default deactivated), then the Playwright-based rendering feature could allow JavaScript execution and unrestricted network access when processing untrusted HTML documents. An attacker could craft malicious HTML that executes arbitrary JavaScript in the rendering context or makes unauthorized network requests to internal services, potentially leading to SSRF attacks, data exfiltration, or remote code execution in the rendering environment. This vulnerability is fixed in 2.91.0."}], "source": {"advisory": "GHSA-pj2v-ggqh-cmq2", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-06-24T19:01:27.606801Z", "id": "CVE-2026-44016", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-06-24T19:01:44.736Z"}}, {"affected": [{"cpes": ["cpe:/a:redhat:openshift_ai"], "defaultStatus": "unaffected", "product": "Red Hat OpenShift AI (RHOAI)", "vendor": "Red Hat"}], "datePublic": "2026-06-24T17:42:42.434Z", "descriptions": [{"lang": "en", "value": "A flaw was found in Docling. If the HTML backend is explicitly configured for rendering, a remote attacker could exploit a vulnerability in the Playwright-based rendering feature by crafting malicious HTML documents. This could allow the attacker to execute arbitrary JavaScript or make unauthorized network requests, potentially leading to Server-Side Request Forgery (SSRF) attacks, data exfiltration, or remote code execution."}], "metrics": [{"other": {"content": {"namespace": "https://access.redhat.com/security/updates/classification/", "value": "Important"}, "type": "Red Hat severity rating"}}, {"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:L", "version": "3.1"}, "format": "CVSS"}], "problemTypes": [{"descriptions": [{"cweId": "CWE-918", "description": "Server-Side Request Forgery (SSRF)", "lang": "en", "type": "CWE"}]}], "references": [{"tags": ["vdb-entry", "x_refsource_REDHAT"], "url": "https://access.redhat.com/security/cve/CVE-2026-44016"}, {"name": "RHBZ#2492339", "tags": ["issue-tracking", "x_refsource_REDHAT"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2492339"}, {"tags": ["x_sadp-csaf-vex"], "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-44016.json"}], "timeline": [{"lang": "en", "time": "2026-06-24T18:06:17.549Z", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2026-06-24T17:42:42.434Z", "value": "Made public."}], "title": "docling: Docling: Remote code execution via malicious HTML in Playwright-based rendering", "x_adpType": "supplier", "x_generator": {"engine": "sadp-cli 1.0.0"}, "providerMetadata": {"orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c", "shortName": "redhat-SADP", "dateUpdated": "2026-06-30T12:08:28.576Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "docling: Docling: Remote code execution via malicious HTML in Playwright-based rendering", "metrics": [{"other": {"type": "Red Hat severity rating", "content": {"value": "Important", "namespace": "https://access.redhat.com/security/updates/classification/"}}}, {"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 8.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:L", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}], "affected": [{"cpes": ["cpe:/a:redhat:openshift_ai"], "vendor": "Red Hat", "product": "Red Hat OpenShift AI (RHOAI)", "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2026-06-24T18:06:17.549Z", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2026-06-24T17:42:42.434Z", "value": "Made public."}], "x_adpType": "supplier", "datePublic": "2026-06-24T17:42:42.434Z", "references": [{"url": "https://access.redhat.com/security/cve/CVE-2026-44016", "tags": ["vdb-entry", "x_refsource_REDHAT"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2492339", "name": "RHBZ#2492339", "tags": ["issue-tracking", "x_refsource_REDHAT"]}, {"url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-44016.json", "tags": ["x_sadp-csaf-vex"]}], "x_generator": {"engine": "sadp-cli 1.0.0"}, "descriptions": [{"lang": "en", "value": "A flaw was found in Docling. If the HTML backend is explicitly configured for rendering, a remote attacker could exploit a vulnerability in the Playwright-based rendering feature by crafting malicious HTML documents. This could allow the attacker to execute arbitrary JavaScript or make unauthorized network requests, potentially leading to Server-Side Request Forgery (SSRF) attacks, data exfiltration, or remote code execution."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-918", "description": "Server-Side Request Forgery (SSRF)"}]}], "providerMetadata": {"orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c", "shortName": "redhat-SADP", "dateUpdated": "2026-06-30T03:19:03.674Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-44016", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-06-24T19:01:27.606801Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-06-24T19:01:31.630Z"}}], "cna": {"title": "Docling: Unsafe Playwright-based HTML Rendering", "source": {"advisory": "GHSA-pj2v-ggqh-cmq2", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 8.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:L", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "docling-project", "product": "docling", "versions": [{"status": "affected", "version": ">= 2.82.0, < 2.91.0"}]}], "references": [{"url": "https://github.com/docling-project/docling/security/advisories/GHSA-pj2v-ggqh-cmq2", "name": "https://github.com/docling-project/docling/security/advisories/GHSA-pj2v-ggqh-cmq2", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/docling-project/docling/releases/tag/v2.91.0", "name": "https://github.com/docling-project/docling/releases/tag/v2.91.0", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "Docling simplifies document processing by parsing diverse formats and providing integrations with the generative AI ecosystem. FIn versions >= 2.82.0, < 2.91.0, if the HTML backend was explicitly configured for rendering (rendering option by default deactivated), then the Playwright-based rendering feature could allow JavaScript execution and unrestricted network access when processing untrusted HTML documents. An attacker could craft malicious HTML that executes arbitrary JavaScript in the rendering context or makes unauthorized network requests to internal services, potentially leading to SSRF attacks, data exfiltration, or remote code execution in the rendering environment. This vulnerability is fixed in 2.91.0."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-94", "description": "CWE-94: Improper Control of Generation of Code ('Code Injection')"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-918", "description": "CWE-918: Server-Side Request Forgery (SSRF)"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-06-24T17:42:42.434Z"}}}, "cveMetadata": {"cveId": "CVE-2026-44016", "state": "PUBLISHED", "dateUpdated": "2026-06-30T03:19:03.674Z", "dateReserved": "2026-05-04T21:24:36.506Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-06-24T17:42:42.434Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{}

{"bugzilla": {"description": "docling: Docling: Remote code execution via malicious HTML in Playwright-based rendering", "id": "2492339", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2492339"}, "csaw": false, "cvss3": {"cvss3_base_score": "8.2", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:L", "status": "draft"}, "cwe": "CWE-918", "details": ["A flaw was found in Docling. If the HTML backend is explicitly configured for rendering, a remote attacker could exploit a vulnerability in the Playwright-based rendering feature by crafting malicious HTML documents. This could allow the attacker to execute arbitrary JavaScript or make unauthorized network requests, potentially leading to Server-Side Request Forgery (SSRF) attacks, data exfiltration, or remote code execution."], "name": "CVE-2026-44016", "package_state": [{"cpe": "cpe:/a:redhat:openshift_ai", "fix_state": "Not affected", "package_name": "rhoai/odh-autorag-rhel9", "product_name": "Red Hat OpenShift AI (RHOAI)"}], "public_date": "2026-06-24T17:42:42Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-44016\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-44016\nhttps://github.com/docling-project/docling/releases/tag/v2.91.0\nhttps://github.com/docling-project/docling/security/advisories/GHSA-pj2v-ggqh-cmq2"], "statement": "This vulnerability is rated as Important. While Docling's HTML backend rendering feature is deactivated by default in Red Hat OpenShift AI, an explicitly configured instance processing untrusted HTML documents could allow a remote attacker to execute arbitrary JavaScript or make unauthorized network requests. This could lead to Server-Side Request Forgery (SSRF), data exfiltration, or remote code execution within the rendering environment. However, Red Hat OpenShift AI (RHOAI) is not affected as the vulnerable code is not present.", "threat_severity": "Important"}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[2.82.0,2.91.0)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "docling", "source": "cna", "vendor": "docling-project"}, "product": "docling", "vendor": "docling-project"}], "created": "2026-06-24T20:45:03.357194+00:00", "updated": "2026-06-25T06:15:15.830278+00:00", "vendors": ["docling-project", "docling-project$PRODUCT$docling"]}