Docling XML Entity Expansion Vulnerability in METS GBS Backend

Vulnerability

A vulnerability allowing XML Entity Expansion (XXE) attacks has been identified in Docling's METS GBS backend, affecting versions through 2.61.0. The issue arises because the backend processes and validates XML files from .tar.gz archives using etree.fromstring() without disabling entity resolution. This oversight allows an attacker to create a malicious XML file with nested entity definitions, packaged within a .tar.gz archive. When Docling processes this archive, the entities expand exponentially during parsing, leading to excessive resource consumption and causing a denial-of-service (DoS) condition on the system running the Docling parser.
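
One defensive pattern for the flaw described above, as an added example that is not Docling's code or the project's fix: a standard-library pre-parse guard that computes how large each declared entity would expand to, straight from the DTD, and refuses the document before any parser expands anything. The names (`entity_expansion_sizes`, `parse_mets_safely`, `UnsafeDtd`) and both sample documents are this example's own constructions.

```python
import re
import xml.etree.ElementTree as ET
import xml.parsers.expat

class UnsafeDtd(ValueError):
    """Raised when the DTD could expand beyond the caller's budget."""

_ENTITY_REF = re.compile(r"&([^;\s&]+);")

def entity_expansion_sizes(xml_bytes):
    """Map each internal general entity to its fully expanded length, computed from
    the declarations alone: nothing is expanded, so the cost is the size of the DTD."""
    decls = {}
    def on_entity(name, is_param, value, base, system_id, public_id, notation):
        if not is_param and value is not None:  # internal general entity,
            decls[name] = value                 # literal text, references unexpanded
    def on_root(name, attrs):
        raise StopIteration                     # the DTD always precedes the root
    p = xml.parsers.expat.ParserCreate()
    p.EntityDeclHandler = on_entity
    p.StartElementHandler = on_root
    try:
        p.Parse(xml_bytes, True)
    except StopIteration:
        pass
    sizes = {}
    def size_of(name, chain=()):
        if name in chain:
            raise UnsafeDtd(f"entity reference loop through {name!r}")
        if name not in sizes:
            refs = [r for r in _ENTITY_REF.findall(decls[name]) if r in decls]
            literal = len(_ENTITY_REF.sub("", decls[name]))
            sizes[name] = literal + sum(size_of(r, chain + (name,)) for r in refs)
        return sizes[name]
    for n in decls:
        size_of(n)
    return sizes

def parse_mets_safely(xml_bytes, max_expansion=64 * 1024):
    """Refuse a document whose entities could expand past max_expansion bytes, then
    parse it normally; genuine METS files declare no entities at all."""
    worst = max(entity_expansion_sizes(xml_bytes).values(), default=0)
    if worst > max_expansion:
        raise UnsafeDtd(f"entities expand to {worst} bytes, limit {max_expansion}")
    return ET.fromstring(xml_bytes)

# Constructed samples: a bare METS root, and the advisory's nested shape held to
# three doublings (8 bytes), so it is harmless to parse here.
PLAIN_METS_SAMPLE = b'<?xml version="1.0"?><mets xmlns="http://www.loc.gov/METS/"/>'
NESTED_ENTITY_SAMPLE = (b'<?xml version="1.0"?><!DOCTYPE mets [<!ENTITY e0 "x">'
                        b'<!ENTITY e1 "&e0;&e0;"><!ENTITY e2 "&e1;&e1;">'
                        b'<!ENTITY e3 "&e2;&e2;">]><mets>&e3;</mets>')
```

The budget is per entity; since a conforming METS file declares no entities, a stricter policy is to reject any document for which the returned map is non-empty.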

Impact

Exploitation of this vulnerability leads to a denial-of-service condition, causing excessive resource consumption on the system processing the vulnerable XML files.

Added: May 11, 2026, 5:54 PM
Updated: May 11, 2026, 5:54 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 2.5
exploitability: 7.3
remediation: 0.0
relevance: 8.0
threat: 3.2
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.