Remote code execution via malicious HTML in Playwright-based rendering
Summary
Docling simplifies document processing by parsing diverse formats and providing integrations with the generative AI ecosystem. FIn versions >= 2.82.0, < 2.91.0, if the HTML backend was explicitly configured for rendering (rendering option by default deactivated), then the Playwright-based rendering feature could allow JavaScript execution and unrestricted network access when processing untrusted HTML documents. An attacker could craft malicious HTML that executes arbitrary JavaScript in the rendering context or makes unauthorized network requests to internal services, potentially leading to SSRF attacks, data exfiltration, or remote code execution in the rendering environment. This vulnerability is fixed in 2.91.0. A flaw was found in Docling. If the HTML backend is explicitly configured for rendering, a remote attacker could exploit a vulnerability in the Playwright-based rendering feature by crafting malicious HTML documents. This could allow the attacker to execute arbitrary JavaScript or make unauthorized network requests, potentially leading to Server-Side Request Forgery (SSRF) attacks, data exfiltration, or remote code execution. This vulnerability is rated as Important. While Docling's HTML backend rendering feature is deactivated by default in Red Hat OpenShift AI, an explicitly configured instance processing untrusted HTML documents could allow a remote attacker to execute arbitrary JavaScript or make unauthorized network requests. This could lead to Server-Side Request Forgery (SSRF), data exfiltration, or remote code execution within the rendering environment. However, Red Hat OpenShift AI (RHOAI) is not affected as the vulnerable code is not present. Red Hat severity: Important — CVSS 8.2 (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:L). Weakness: CWE-918. No fixing RHSA erratum has published yet; monitor the Red Hat CVE page and patch when it ships.
Mitigation checklist
- Red Hat rates this important; a fix erratum may not be out yet — apply the RHSA as soon as it publishes.
Official advisory · high-confidence parse· fetched 6 hours ago·verify at source
Discussion(0)
No comments yet. Share field notes, upgrade gotchas, or questions — verify against the vendor advisory before acting on community advice.
Sign in to join the discussion.