CVE-2026-24009 is a deserialization vulnerability classified under CWE-502 affecting the docling-core library, a component used in the Docling document processing application. The vulnerability stems from the use of PyYAML's FullLoader to deserialize YAML input in the method DoclingDocument.load_from_yaml(), which can lead to remote code execution if untrusted YAML data is processed. This issue is present in docling-core versions starting from 2.21.0 up to 2.48.4, specifically when PyYAML versions prior to 5.4 are used. PyYAML's FullLoader allows execution of arbitrary Python objects during deserialization, which attackers can exploit by crafting malicious YAML payloads. The vulnerability is mitigated in docling-core 2.48.4 by switching to PyYAML's SafeLoader, which restricts deserialization to safe Python objects, preventing code execution. Alternatively, upgrading PyYAML to version 5.4 or later also addresses the issue by defaulting to SafeLoader. The CVSS v3.1 score of 8.1 reflects the high impact and network attack vector, with no privileges or user interaction required, but with high attack complexity due to the need to supply malicious YAML input. No known exploits have been reported in the wild to date. This vulnerability poses a significant risk to applications that process untrusted YAML data using vulnerable docling-core versions, potentially allowing attackers to execute arbitrary code remotely, leading to full system compromise.

For European organizations, this vulnerability could have severe consequences, especially for those relying on docling-core for document processing workflows. Successful exploitation can lead to remote code execution, allowing attackers to compromise confidentiality by accessing sensitive documents, integrity by altering document data or processing logic, and availability by disrupting services or deploying ransomware. Industries such as finance, legal, healthcare, and government, which often handle sensitive documents and may use automated document processing, are particularly at risk. The vulnerability's network attack vector and lack of required authentication mean attackers can exploit it remotely if untrusted YAML input is accepted, increasing the attack surface. Given the high CVSS score and potential for full system compromise, organizations face risks including data breaches, operational disruption, and reputational damage. The absence of known exploits in the wild suggests a window of opportunity for proactive mitigation before widespread attacks occur.

European organizations should immediately assess their use of docling-core and PyYAML in document processing applications. The primary mitigation is to upgrade docling-core to version 2.48.4 or later, which replaces FullLoader with SafeLoader for YAML deserialization. If upgrading docling-core is not immediately feasible, organizations must ensure that PyYAML is upgraded to version 5.4 or higher, which defaults to SafeLoader and mitigates the vulnerability. Additionally, organizations should audit their applications to confirm that untrusted YAML input is not processed or is strictly validated and sanitized before deserialization. Implementing network-level controls to restrict access to services that accept YAML input can reduce exposure. Monitoring and logging deserialization activities may help detect anomalous or malicious payloads. Finally, organizations should maintain an up-to-date inventory of affected software components and apply security patches promptly to reduce the attack surface.