CVE-2026-31247 — XML entity expansion denial-of-service in Docling JATS backend

MITRE service request: 1988723

Status: RESERVED (pending a qualifying public reference per CNA Rules §5.3).

Official CVE description

Docling’s JATS XML backend is vulnerable to XML Entity Expansion (XXE) attacks thru 2.61.0. The backend uses etree.parse() to parse XML files without disabling entity resolution. An attacker can craft a malicious XML file containing a nested entity expansion payload (XML Bomb). When processed by Docling, the exponential expansion of entities leads to excessive resource consumption, resulting in a denial of service (DoS) condition on the system running the Docling parser.

Summary

python -m docling.cli.main exploit.xml --from xml_jats triggers lxml.etree.parse with default entity expansion, so a small XML file can exhaust CPU/RAM via billion-laughs style entities.

Affected product and versions

• Product: docling-project/docling.
• Affected range (coordination record): through v2.61.0.

Technical details

• Surface: CLI / library path JatsDocumentBackend.__init__ calling etree.parse on attacker XML.
• Weakness: External/parameter entities not disabled; quadratic expansion possible.
• Impact: High CPU/memory DoS; potential SSRF if combined with external entities (not claimed in coordination text).
• Mitigation: Use resolve_entities=False / defusedxml equivalents; cap input size.

Risk

Medium–High availability impact on ingestion services.

Remediation / workaround

• Sandbox Docling workers with cgroup limits; upgrade when patched (TBD).

CVE Program next steps