What's the vulnerability?

A PyYAML-related Remote Code Execution (RCE) vulnerability exists in docling-core >=2.21.0, <2.48.4 when the application runs with pyyaml < 5.4 and calls DoclingDocument.load_from_yaml() on untrusted YAML data. load_from_yaml() deserializes with yaml.FullLoader, which in those PyYAML versions still permits attacker-controlled construction of arbitrary Python objects, so a crafted document can trigger arbitrary command execution during deserialization, before any validation of the document's contents takes place.
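The safe pattern for the loader side, as an added example that is not docling-core's code and not the fix shipped in 2.48.4 (this page does not describe what that fix changed): a stdlib pre-check that rejects any document carrying tags in the python/ namespace, followed by parsing with yaml.safe_load, whose SafeLoader never constructs Python objects on any PyYAML version. The function names, the UnsafeYamlError type and the three sample documents are assumptions constructed for this illustration.

```python
"""
Added example, not code from docling-core: a two-layer defensive loader for
YAML that arrives from an untrusted source.

  1. has_unsafe_tags(): stdlib-only pre-check that rejects a document carrying
     tags in the python/ namespace, the family of tags that yaml.FullLoader in
     PyYAML < 5.4 resolves to Python object construction.
  2. load_untrusted_yaml(): parses with yaml.safe_load, whose SafeLoader only
     knows the core YAML types and never builds Python objects on any PyYAML
     version. The pre-check is defense in depth and gives an explicit,
     loggable rejection reason instead of a parser error.

All sample documents below are constructed for this illustration.
"""
import re
from typing import Any

# The python/ tag namespace shows up in two spellings: the "!!python/..."
# shorthand and the full tag URI, which also appears in %TAG directives that
# define a custom handle (e.g. "%TAG !p! tag:yaml.org,2002:python/") and in
# verbatim tags ("!<tag:yaml.org,2002:python/...>"). Matching both means a
# custom handle cannot slip past a check that only looks for "!!python".
_PYTHON_TAG = re.compile(r"!!python/|tag:yaml\.org,2002:python/")


class UnsafeYamlError(ValueError):
    """Raised when an untrusted document carries Python-constructing tags."""


def unsafe_tag_lines(yaml_text: str) -> list[int]:
    """1-based line numbers on which a python/ tag (or handle) appears."""
    return [
        lineno
        for lineno, line in enumerate(yaml_text.splitlines(), start=1)
        if _PYTHON_TAG.search(line)
    ]


def has_unsafe_tags(yaml_text: str) -> bool:
    """True if the document should be rejected before any YAML parsing.

    Deliberately fail-closed: a quoted scalar that merely contains the literal
    text "!!python/" is also rejected, which is the safe side to err on for
    data a parser would otherwise act on.
    """
    return bool(unsafe_tag_lines(yaml_text))


def pyyaml_available() -> bool:
    """Whether PyYAML is importable in this environment."""
    try:
        import yaml  # noqa: F401
    except ImportError:
        return False
    return True


def load_untrusted_yaml(yaml_text: str) -> Any:
    """Parse untrusted YAML into plain data (dict/list/str/int/...)."""
    lines = unsafe_tag_lines(yaml_text)
    if lines:
        raise UnsafeYamlError(f"refusing document: python/ tags on lines {lines}")
    import yaml  # imported lazily so the pre-check also works without PyYAML

    # yaml.safe_load is yaml.load(..., Loader=yaml.SafeLoader). Never use
    # FullLoader or UnsafeLoader for data you did not produce yourself.
    return yaml.safe_load(yaml_text)


# --- constructed sample documents --------------------------------------------
BENIGN_DOC = """\
schema_name: DoclingDocument
name: report
pages: 3
"""

# Carries a python/ tag in the shorthand spelling. !!python/tuple is itself
# harmless; it is the namespace, not this particular tag, the check keys on.
TAGGED_DOC = """\
schema_name: DoclingDocument
name: !!python/tuple [1, 2]
"""

# Same namespace reached through a %TAG handle, so "!!python" never appears.
HANDLE_DOC = """\
%TAG !p! tag:yaml.org,2002:python/
---
schema_name: DoclingDocument
name: !p!tuple [1, 2]
"""


if __name__ == "__main__":
    for label, doc in [("benign", BENIGN_DOC), ("tagged", TAGGED_DOC), ("handle", HANDLE_DOC)]:
        try:
            print(label, "->", load_untrusted_yaml(doc))
        except UnsafeYamlError as exc:
            print(label, "-> rejected:", exc)
```

The pre-check is what turns an opaque parser failure into a logged rejection with a line number; the actual safety guarantee comes from SafeLoader. Independently of the loader choice, pinning pyyaml >= 5.4 (where FullLoader stopped honouring arbitrary python/object construction) and upgrading docling-core to 2.48.4 as this page states are the two dependency-level mitigations.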

Root Cause Analysis

Variant Analysis

Bypass and alternate trigger exploration (if present).

One Command

Verify with pruva-verify

Run the Pruva CLI to automatically fetch and execute the reproduction script.

pruva-verify REPRO-2026-00080
or: pruva-verify GHSA-VQXF-V2GG-X3HC
or: pruva-verify CVE-2026-24009

Install: curl -fsSL https://pruva.dev/install.sh | sh

Or Run Manually

1. Download the script:

   curl -O https://pruva.dev/api/v1/reproductions/REPRO-2026-00080/artifacts/repro/reproduction_steps.sh

2. Make it executable:

   chmod +x reproduction_steps.sh

3. Run the script:

   ./reproduction_steps.sh

Run in a VM, container, or disposable environment. This exploits a real vulnerability.

How Pruva Reproduced This

Watch the AI agent's step-by-step process.
