Docling Core Remote Code Execution Vulnerability Due to Unsafe PyYAML Usage

Vulnerability

A remote code execution vulnerability has been identified in Docling Core versions from 2.21.0 up to, but not including, 2.48.4. The issue arises when the application parses untrusted YAML with PyYAML versions earlier than 5.4 via the 'full_load' method, which uses PyYAML's 'FullLoader'. The unsafe call is made in the 'load_from_yaml' function of the 'docling_core.types.doc.DoclingDocument' class.

Impact

Exploitation of this vulnerability allows for arbitrary remote code execution on the system where Docling Core is used.

Reproduction

To reproduce this vulnerability, load a YAML file containing untrusted data using the 'docling_core.types.doc.DoclingDocument.load_from_yaml()' method, with PyYAML at version 5.3 or earlier and Docling Core within the vulnerable version range.

Remediation

Upgrade Docling Core to version 2.48.4 or later. If an immediate upgrade is not possible, ensure that PyYAML is updated to version 5.4 or greater.

Added: Jan 22, 2026, 4:20 PM
Updated: Jan 22, 2026, 4:20 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 10.0
exploitability: 8.0
remediation: 0.0
relevance: 2.1
threat: 4.8
urgency: 2.9
incentive: 4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.