CVE-2026-44022
MEDIUM5.5Docling: Potential Path Traversal via LaTeX \includegraphics and \input Commands
描述
### Impact The LaTeX backend's handling of `\includegraphics`, `\input`, and `\include` commands lacked path containment validation. Attackers could craft malicious LaTeX documents with path traversal sequences (e.g., `../../../etc/passwd`) to: - Read arbitrary files from the file system accessible to the process - Include sensitive files in the converted document output - Potentially access configuration files, credentials, or other sensitive data ### Patches Fixed in version 2.91.0. The fix implements strict path validation using `Path.resolve().is_relative_to()` to ensure all resolved paths remain within the base document directory. Attempts to traverse outside the base directory are logged and blocked. ### Workarounds Avoid processing untrusted LaTeX documents. If processing is necessary, run in a sandboxed environment with restricted file system access. ### References - Fix release: [v2.91.0](https://github.com/docling-project/docling/releases/tag/v2.91.0)
受影響套件(1)
- PyPI/docling>= 2.73.0, < 2.91.0
CVSS 分數
| 來源 | 版本 | 嚴重程度 | 向量 |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM5.5 | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N |