CVE-2026-44520: CWE-601: URL Redirection to Untrusted Site ('Open Redirect') in docling-project docling-graph
Docling-Graph turns documents into validated Pydantic objects, then builds a directed knowledge graph with explicit semantic relationships. Prior to 1.5.1, the URLInputHandler class in docling_graph/core/input/handlers.py makes HTTP requests to user-supplied URLs without validating whether the target resolves to a private, loopback, or link-local IP address. The URLValidator only checks for a valid scheme and non-empty netloc, performing no IP-level validation. Additionally, requests.head() was called with allow_redirects=True, allowing an attacker to redirect requests to internal endpoints via an intermediary URL. An attacker who can control the --source CLI argument or PipelineConfig.source API parameter can trigger Server-Side Request Forgery (SSRF). This vulnerability is fixed in 1.5.1.
AI Analysis
Technical Summary
Docling-Graph versions before 1.5.1 contain an SSRF vulnerability due to insufficient validation in the URLInputHandler class. The URLValidator only checks for valid URL scheme and non-empty netloc but does not verify if the resolved IP address is private or local. Additionally, the use of requests.head() with allow_redirects=True allows attackers to redirect requests to internal endpoints via intermediary URLs. Attackers who can control the --source CLI argument or PipelineConfig.source API parameter can exploit this to make the server perform unauthorized HTTP requests. The issue is addressed in version 1.5.1.
Potential Impact
An attacker with the ability to control certain input parameters can cause the server to make HTTP requests to internal or otherwise restricted network resources, potentially leading to information disclosure or interaction with internal services. The vulnerability does not directly impact data integrity or availability but can result in confidentiality breaches. No known exploits are reported in the wild at this time.
Mitigation Recommendations
This vulnerability is fixed in docling-graph version 1.5.1. Users should upgrade to version 1.5.1 or later to remediate the issue. Since no official patch links or advisories are provided, verify the upgrade availability through the official docling-project channels. Until upgraded, avoid passing untrusted URLs to the --source CLI argument or PipelineConfig.source API parameter to reduce risk.
CVE-2026-44520: CWE-601: URL Redirection to Untrusted Site ('Open Redirect') in docling-project docling-graph
Description
Docling-Graph turns documents into validated Pydantic objects, then builds a directed knowledge graph with explicit semantic relationships. Prior to 1.5.1, the URLInputHandler class in docling_graph/core/input/handlers.py makes HTTP requests to user-supplied URLs without validating whether the target resolves to a private, loopback, or link-local IP address. The URLValidator only checks for a valid scheme and non-empty netloc, performing no IP-level validation. Additionally, requests.head() was called with allow_redirects=True, allowing an attacker to redirect requests to internal endpoints via an intermediary URL. An attacker who can control the --source CLI argument or PipelineConfig.source API parameter can trigger Server-Side Request Forgery (SSRF). This vulnerability is fixed in 1.5.1.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
Docling-Graph versions before 1.5.1 contain an SSRF vulnerability due to insufficient validation in the URLInputHandler class. The URLValidator only checks for valid URL scheme and non-empty netloc but does not verify if the resolved IP address is private or local. Additionally, the use of requests.head() with allow_redirects=True allows attackers to redirect requests to internal endpoints via intermediary URLs. Attackers who can control the --source CLI argument or PipelineConfig.source API parameter can exploit this to make the server perform unauthorized HTTP requests. The issue is addressed in version 1.5.1.
Potential Impact
An attacker with the ability to control certain input parameters can cause the server to make HTTP requests to internal or otherwise restricted network resources, potentially leading to information disclosure or interaction with internal services. The vulnerability does not directly impact data integrity or availability but can result in confidentiality breaches. No known exploits are reported in the wild at this time.
Mitigation Recommendations
This vulnerability is fixed in docling-graph version 1.5.1. Users should upgrade to version 1.5.1 or later to remediate the issue. Since no official patch links or advisories are provided, verify the upgrade availability through the official docling-project channels. Until upgraded, avoid passing untrusted URLs to the --source CLI argument or PipelineConfig.source API parameter to reduce risk.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- GitHub_M
- Date Reserved
- 2026-05-06T19:38:10.565Z
- Cvss Version
- 3.1
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 6a06082eec166c07b0fd3b67
Added to database: 5/14/2026, 5:36:46 PM
Last enriched: 5/14/2026, 5:52:01 PM
Last updated: 5/14/2026, 6:42:25 PM
Views: 3
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.