CVE-2026-44016
Docling-project · Docling
Docling, a tool for document processing and AI integration, contains a high-severity vulnerability that could be leveraged to compromise document parsing workflows.
Executive summary
A high-severity vulnerability in the Docling document processing library threatens the integrity of AI-integrated data pipelines and document parsing workflows.
Vulnerability
The vulnerability affects the document parsing functionality of Docling. An attacker could trigger the flaw by submitting a malicious document, leading to unauthorized code execution or system instability within the processing environment.
Business impact
A successful exploit could compromise data processed by AI pipelines, potentially leading to data leakage or the corruption of training datasets. With a CVSS score of 8.2, this vulnerability represents a high-severity risk to organizations relying on Docling for automated document ingestion and generative AI integrations.
Remediation
Immediate Action: Update the Docling library to the latest secure version once released by the vendor.
Proactive Monitoring: Monitor document processing logs for errors, crashes, or unexpected execution patterns that may indicate a malformed input attack.
Compensating Controls: Implement strict file validation and sandboxing for all documents processed by Docling to prevent unauthorized payloads from interacting with the host system.
Exploitation status
Public Exploit Available: false
Analyst recommendation
Organizations using Docling in production workflows should prioritize identifying all instances where this library is implemented. Apply the vendor-provided patches as soon as they become available to mitigate the risk of document-based attacks against your AI ecosystem.
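One way to carry out the inventory step above, as an added example that is not part of the advisory or of the Docling project: it walks directory trees for Python environments and lists every installed Docling distribution with its version. The advisory names no fixed version, so the script only reports what it finds; `make_constructed_env` is a hypothetical helper that builds constructed sample metadata for a dry run.

```python
import re
import sys
from importlib.metadata import distributions
from pathlib import Path

TARGET = "docling"  # distribution name to inventory


def normalize(name):
    """PEP 503 name normalization, so 'Docling' and 'docling' compare equal."""
    return re.sub(r"[-_.]+", "-", name or "").lower()


def site_dirs(root):
    """Yield every site-packages / dist-packages directory below root."""
    for pattern in ("site-packages", "dist-packages"):
        yield from (p for p in Path(root).rglob(pattern) if p.is_dir())


def find_docling(search_paths):
    """Return sorted (version, location) pairs for each Docling install found."""
    hits = set()
    for dist in distributions(path=[str(p) for p in search_paths]):
        try:
            name, version = dist.metadata["Name"], dist.version
        except Exception:  # broken or empty *.dist-info directory: skip it
            continue
        if normalize(name) == TARGET:
            hits.add((version, str(dist.locate_file(""))))
    return sorted(hits)


def make_constructed_env(root, version):
    """Build a fake environment holding only package metadata (constructed input)."""
    sp = Path(root) / "lib" / "python3" / "site-packages"
    info = sp / f"docling-{version}.dist-info"
    info.mkdir(parents=True)
    (info / "METADATA").write_text(
        f"Metadata-Version: 2.1\nName: docling\nVersion: {version}\n")
    return sp


if __name__ == "__main__":
    # Usage: python inventory.py [ROOT ...]; with no ROOT, inspect this interpreter.
    roots = sys.argv[1:]
    paths = [d for r in roots for d in site_dirs(r)] if roots else sys.path
    for version, location in find_docling(paths):
        print(f"docling {version} at {location}")
```

Run it against application roots, unpacked container image layers, or build agents, and compare the reported versions with the vendor's fixed release once it is published.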