What is CVE-2026-44020?

CVE-2026-44020 is a high-severity vulnerability, classified under Improper Restriction of Recursive Entity References in DTDs (XML Entity Expansion). CVSS score: 7.5/10. Published 2026-06-24.

How severe is CVE-2026-44020?

High severity. CVSS v3 base score is 7.5 out of 10.

CVE-2026-44020

CVE-2026-44020

Docling simplifies document processing by parsing diverse formats and providing integrations with the generative AI ecosystem. From 2.13.0 until 2.74.0, the USPTO patent XML parser used the standard xml.sax.parseString() without protection…

CVSS v3 metric

CVSS v3 base score 7.5 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H.

Weakness classification (CWE)

CWE-776 — Improper Restriction of Recursive Entity References in DTDs (XML Entity Expansion)

References

security-advisories@github.com (x_refsource_CONFIRM)

Frequently asked questions

What is CVE-2026-44020?: CVE-2026-44020 is a high-severity vulnerability, classified under Improper Restriction of Recursive Entity References in DTDs (XML Entity Expansion). CVSS score: 7.5/10. Published 2026-06-24.
How severe is CVE-2026-44020?: High severity. CVSS v3 base score is 7.5 out of 10.