CVE-2026-44520
docling-graph has SSRF via Missing Internal IP Validation in URLInputHandler
Description
### Impact

The `URLInputHandler` class in `docling_graph/core/input/handlers.py` makes HTTP requests to user-supplied URLs without validating whether the target resolves to a private, loopback, or link-local IP address. The `URLValidator` only checks for a valid scheme and non-empty `netloc`, performing no IP-level validation. Additionally, `requests.head()` was called with `allow_redirects=True`, allowing an attacker to redirect requests to internal endpoints via an intermediary URL.

An attacker who can control the `--source` CLI argument or `PipelineConfig.source` API parameter can trigger Server-Side Request Forgery (SSRF) to reach:

- Cloud metadata endpoints (e.g. `169.254.169.254`) to steal IAM credentials
- Internal services on loopback (`127.0.0.1`) or private network ranges (`10.x`, `172.16.x`, `192.168.x`)

This affects deployments where `docling-graph` processes URLs from untrusted input, such as multi-tenant pipelines or server-side automation.

### Patches

The vulnerability is fixed in **v1.5.1**. Users should upgrade immediately:

```
pip install --upgrade docling-graph
```

The fix adds IP validation via `ipaddress` and `socket.gethostbyname()` before any request is made, blocks private/loopback/link-local/reserved addresses, and disables redirect following (`allow_redirects=False`) with explicit validation of any `Location` header before following it.

### Workarounds

If upgrading is not immediately possible, ensure that **all URLs passed to `URLInputHandler` come exclusively from trusted, internal sources**, never from user-supplied or external input. There is no safe code-level workaround short of applying the patch, as the vulnerability is in the library itself.
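The checks the patch describes, written here as an added illustration for this advisory (it is not the project's v1.5.1 code): hostname resolution through an injectable resolver defaulting to `socket.gethostbyname`, rejection of private/loopback/link-local/reserved targets with `ipaddress`, and manual redirect handling that validates every `Location` before it is followed. The HTTP call is passed in as a `head` callable so the example runs offline; that callable, `max_redirects`, and the hostnames used below are assumptions.

```python
"""Illustrative pre-request SSRF checks; the HTTP call is injected so this runs offline."""
import ipaddress
import socket
from urllib.parse import urljoin, urlparse

REDIRECT_CODES = {301, 302, 303, 307, 308}


class UnsafeURLError(ValueError):
    """Raised when a URL must not be fetched."""


def resolve_host(host, resolver=socket.gethostbyname):
    """Return the target IP; IP literals are used as-is, names go through resolver."""
    try:
        return ipaddress.ip_address(host)
    except ValueError:
        return ipaddress.ip_address(resolver(host))


def validate_url(url, resolver=socket.gethostbyname):
    """Reject anything that is not http(s) to a public address; return the resolved IP."""
    parsed = urlparse(url)
    if parsed.scheme not in ("http", "https") or not parsed.hostname:
        raise UnsafeURLError(f"unsupported or empty URL: {url!r}")
    ip = resolve_host(parsed.hostname, resolver)
    # Catches 169.254.169.254, 127.0.0.1, 10/8, 172.16/12, 192.168/16, ::1, 0.0.0.0, ...
    if (ip.is_private or ip.is_loopback or ip.is_link_local or ip.is_reserved
            or ip.is_multicast or ip.is_unspecified):
        raise UnsafeURLError(f"{parsed.hostname} resolves to non-public {ip}")
    return ip


def is_safe_url(url, resolver=socket.gethostbyname):
    """Boolean form of validate_url for callers that prefer a check to an exception."""
    try:
        validate_url(url, resolver)
        return True
    except UnsafeURLError:
        return False


def safe_head(url, head, resolver=socket.gethostbyname, max_redirects=3):
    """HEAD via head(url) -> (status, headers); each Location hop is validated first."""
    for _ in range(max_redirects + 1):
        validate_url(url, resolver)          # the hop about to be requested
        status, headers = head(url)
        location = headers.get("Location")
        if status not in REDIRECT_CODES or not location:
            return status, url
        url = urljoin(url, location)         # relative Location resolved, then re-checked
    raise UnsafeURLError(f"more than {max_redirects} redirects from {url!r}")
```

When wiring this to `requests`, the `head` callable should issue `requests.head(url, allow_redirects=False, timeout=...)` and return `(response.status_code, response.headers)`, so the library never follows a redirect on its own.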
### Resources

- [CWE-918: Server-Side Request Forgery](https://cwe.mitre.org/data/definitions/918.html)
- [OWASP SSRF Prevention Cheat Sheet](https://cheatsheetseries.owasp.org/cheatsheets/Server_Side_Request_Forgery_Prevention_Cheat_Sheet.html)
- [AWS Instance Metadata endpoint](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html)
How to fix CVE-2026-44520
To remediate CVE-2026-44520, upgrade the affected package to a fixed version below.
- docling-graph: upgrade to 1.5.1 or later
Is CVE-2026-44520 being exploited?
Low — EPSS is 0.0%, meaning exploitation activity has not been observed at scale.