CVE-2026-24009
Published: 22 January 2026
Description
Docling Core (or docling-core) is a library that defines core data types and transformations in the document processing application Docling. A PyYAML-related Remote Code Execution (RCE) vulnerability, namely CVE-2020-14343, is exposed in docling-core starting in version 2.21.0 and prior to version 2.48.4, specifically only if the application uses pyyaml prior to version 5.4 and invokes `docling_core.types.doc.DoclingDocument.load_from_yaml()` passing it untrusted YAML data. The vulnerability has been patched in docling-core version 2.48.4. The fix mitigates the issue by switching `PyYAML` deserialization from `yaml.FullLoader` to `yaml.SafeLoader`, ensuring that untrusted data cannot trigger code execution. Users who cannot immediately upgrade docling-core can alternatively ensure that the installed version of PyYAML is 5.4 or greater.
Mitigating Controls (NIST 800-53 r5)
Directly mitigates the CVE by requiring timely flaw remediation through patching docling-core to v2.48.4 or upgrading PyYAML to v5.4 or later to prevent RCE from unsafe YAML deserialization.
Enforces secure configuration settings like switching to yaml.SafeLoader for DoclingDocument.load_from_yaml() to block code execution from untrusted YAML data.
Requires validation of untrusted YAML inputs prior to deserialization to reject malicious payloads exploiting PyYAML's FullLoader.
Security Summary
CVE-2026-24009 is a remote code execution (RCE) vulnerability stemming from CVE-2020-14343 in the PyYAML library, exposed within the Docling Core (docling-core) library, which defines core data types and transformations for the Docling document processing application. The issue affects docling-core versions from 2.21.0 up to but not including 2.48.4, but only under specific conditions: when the application uses PyYAML prior to version 5.4 and invokes the `docling_core.types.doc.DoclingDocument.load_from_yaml()` function with untrusted YAML data. It is rated with a CVSS v3.1 base score of 8.1 (AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H) and maps to CWE-502 (Deserialization of Untrusted Data).
An attacker can exploit this vulnerability remotely without privileges by supplying malicious YAML data to a vulnerable application that processes it via the affected function. Exploitation requires high attack complexity, likely involving crafted YAML that leverages PyYAML's FullLoader to execute arbitrary code during deserialization. Successful exploitation grants high-impact confidentiality, integrity, and availability effects, enabling full RCE on the host system running the application.
Mitigation is available in docling-core version 2.48.4, which patches the vulnerability by changing PyYAML deserialization from `yaml.FullLoader` to `yaml.SafeLoader`, preventing code execution from untrusted data. As an interim measure, users unable to upgrade docling-core should ensure PyYAML is at version 5.4 or later. Relevant advisories and resources include GHSA-8q59-q68h-6hv4, the patching commit at 3e8d628eeeae50f0f8f239c8c7fea773d065d80c, issue #482, the v2.48.4 release, and GHSA-vqxf-v2gg-x3hc.
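The following is an added example, not code from docling-core or from this advisory. It shows the two loading patterns the description and summary above contrast (`yaml.FullLoader`, the pre-2.48.4 behaviour, against `yaml.SafeLoader`, the fix) and the interim check that the installed PyYAML is 5.4 or later. The sample YAML documents are constructed here; they use the harmless `!!python/tuple` tag only to show that SafeLoader refuses the whole `python/*` tag family, which is what removes the deserialization path behind CVE-2020-14343.

```python
"""Added example (not docling-core's own code): unsafe-vs-safe PyYAML loading
as described in CVE-2026-24009, plus the PyYAML version check behind the
interim mitigation."""
import yaml

# Constructed sample inputs. PLAIN_DOC uses only core YAML types, which is all a
# serialised document should need. PYTHON_TAGGED_DOC carries a python/* tag,
# which SafeLoader refuses outright while FullLoader constructs it.
PLAIN_DOC = "name: example\nversion: 1\npages: [1, 2, 3]\n"
PYTHON_TAGGED_DOC = "name: example\ncoords: !!python/tuple [1, 2]\n"


def load_unsafe(text):
    """The pre-fix pattern: FullLoader honours python/* tags, and on
    PyYAML < 5.4 that tag family is the entry point for CVE-2020-14343."""
    return yaml.load(text, Loader=yaml.FullLoader)


def load_safe(text):
    """The pattern docling-core 2.48.4 switched to: SafeLoader builds only
    plain YAML types (mappings, sequences, scalars) and rejects python/* tags."""
    return yaml.load(text, Loader=yaml.SafeLoader)


def safe_load_or_none(text):
    """Parse untrusted YAML with SafeLoader; return None if it is refused.
    ConstructorError (raised for unknown tags) is a subclass of YAMLError."""
    try:
        return load_safe(text)
    except yaml.YAMLError:
        return None


def pyyaml_version_tuple(version=None):
    """Turn a PyYAML version string such as '5.4.1' into (5, 4, 1).
    Defaults to the installed PyYAML (yaml.__version__). Non-digit suffixes
    like 'rc1' are ignored so the comparison stays numeric."""
    version = yaml.__version__ if version is None else version
    parts = []
    for piece in version.split("."):
        digits = "".join(ch for ch in piece if ch.isdigit())
        parts.append(int(digits) if digits else 0)
    return tuple(parts)


def pyyaml_is_patched(version=None):
    """True when PyYAML is 5.4 or later, the version the advisory names as
    the interim mitigation for installations that cannot upgrade docling-core."""
    return pyyaml_version_tuple(version) >= (5, 4)


if __name__ == "__main__":
    print("installed PyYAML:", yaml.__version__, "patched:", pyyaml_is_patched())
    print("SafeLoader on plain doc:", load_safe(PLAIN_DOC))
    print("SafeLoader on python-tagged doc:", safe_load_or_none(PYTHON_TAGGED_DOC))
```

Note that the version check is a stopgap: the durable fix is the loader change, because SafeLoader makes the result independent of which PyYAML version happens to be installed.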
Details
- CWE(s): CWE-502 (Deserialization of Untrusted Data)
- Affected Products: docling-core from version 2.21.0 up to but not including 2.48.4, when used with PyYAML prior to version 5.4
MITRE ATT&CK Enterprise Techniques
Why these techniques?
RCE vulnerability exploitable remotely over the network with no privileges via untrusted YAML deserialization in a document processing library, directly enabling exploitation of public-facing applications.