A vulnerability classified as problematic was found in docling-project docling up to 2.73.x . This issue affects the function xml.sax.parseString of the component USPTO Patent XML Parser . Such manipulation leads to xml entity expansion. This vulnerability is referenced as CVE-2026-44020 . It is possible to launch the attack remotely. No exploit is available. Upgrading the affected component is advised.