CVE-2026-24009 | docling-project docling-core up to 2.48.3 deserialization

Inserito da Angelo Barbosa | Gen 22, 2026 | CVE

A vulnerability classified as problematic was found in docling-project docling-core up to 2.48.3. This affects the function docling_core.types.doc.DoclingDocument.load_from_yaml. Executing a manipulation can lead to deserialization.

This vulnerability appears as CVE-2026-24009. The attack may be performed from remote. There is no available exploit.

Upgrading the affected component is advised.

CVE-2026-24009 | docling-project docling-core up to 2.48.3 deserialization

Post correlati

CVE-2025-41676 | MB Connect Line mbNET.mini up to 2.3.2 HTTP POST Request resource consumption (VDE-2025-058)

CVE-2024-13456 | nmedia Easy Quiz Maker Plugin up to 2.0 on WordPress Shortcode wqt-question cross site scripting

CVE-2025-58263 | BuddyDev BuddyPress Notification Widget Plugin up to 1.3.3 on WordPress cross site scripting

CVE-2024-6783 | vue up to 2.7.16 prototype pollution