CVE-2026-44017

描述

### Impact In versions `< 2.91.0`, The EasyOCR model download functionality extracted ZIP archives without validating member paths, enabling Zip Slip attacks. If an attacker could compromise the model download source (via supply chain attack, DNS spoofing, or MITM), they could write arbitrary files to any location writable by the process, potentially achieving: - Remote code execution by overwriting Python files or system binaries - Persistent backdoors by modifying startup scripts or SSH keys - Data corruption or system compromise ### Patches Fixed in version 2.91.0. The extraction process now validates each archive member path using `os.path.realpath()` to ensure it remains within the target directory, raising a `SecurityError` for any path traversal attempts. ### Workarounds Ensure model downloads occur over secure, authenticated channels. Use integrity verification (checksums) for downloaded models. Run the application with minimal file system permissions. ### References - Fix release: [v2.91.0](https://github.com/docling-project/docling/releases/tag/v2.91.0)

如何修補 CVE-2026-44017

要修補 CVE-2026-44017,請將受影響套件升級到下列已修補版本。

• —升級至 2.91.0 或更新版本

CVE-2026-44017 正在被利用嗎?

目前沒有被利用訊號。CVE-2026-44017 既不在 CISA KEV 也沒有最新的 EPSS 分數。

受影響套件(1)

• from 0, < 2.91.0

CVSS 分數

參考連結(3)

• PATCHgithub.com/docling-project/docling
• WEBgithub.com/docling-project/docling/releases/tag/v2.91.0
• WEBgithub.com/docling-project/docling/security/advisories/GHSA-cjqg-rq2h-2fvj