What is CVE-2026-31247?

CVE-2026-31247 is a high-severity vulnerability in N/a, classified under Uncontrolled Resource Consumption. CVSS score: 7.5/10. Published 2026-05-11.

How severe is CVE-2026-31247?

High severity. CVSS v3 base score is 7.5 out of 10.

Resource exhaustion in N/a

CVE-2026-31247

Docling's JATS XML backend is vulnerable to XML Entity Expansion (XXE) attacks thru 2.61.0. The backend uses etree.parse() to parse XML files without disabling entity resolution. An attacker can craft a malicious XML file containing a nest…

Vulnerability class: DoS (Denial of Service)

EPSS: 0.001 (16.7th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.5 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H.

Affected products

N/a — versions n/a

Weakness classification (CWE)

CWE-400 — Uncontrolled Resource Consumption

References

cve@mitre.org
cve@mitre.org

Frequently asked questions

What is CVE-2026-31247?: CVE-2026-31247 is a high-severity vulnerability in N/a, classified under Uncontrolled Resource Consumption. CVSS score: 7.5/10. Published 2026-05-11.
How severe is CVE-2026-31247?: High severity. CVSS v3 base score is 7.5 out of 10.