CVE-2026-0848
published 2026-03-05CVE-2026-0848: NLTK versions <=3.9.2 are vulnerable to arbitrary code execution due to improper input validation in the StanfordSegmenter module. The module dynamically loads…
PriorityP269critical10CVSS 3.0
AVNACLPRNUINSCCHIHAH
EPSS
0.78%
51.2th percentile
NLTK versions <=3.9.2 are vulnerable to arbitrary code execution due to improper input validation in the StanfordSegmenter module. The module dynamically loads external Java .jar files without verification or sandboxing. An attacker can supply or replace the JAR file, enabling the execution of arbitrary Java bytecode at import time. This vulnerability can be exploited through methods such as model poisoning, MITM attacks, or dependency poisoning, leading to remote code execution. The issue arises from the direct execution of the JAR file via subprocess with unvalidated classpath input, allowing malicious classes to execute when loaded by the JVM.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | nltk | < nltk 3.9.3-1 (forky) | nltk 3.9.3-1 (forky) |
| nltk | nltk | <= 3.9.2 | — |
| nltk | nltk | >= 0 < 3.9.3-1 | 3.9.3-1 |
| nltk | nltk_nltk | unspecified – latest | — |
| ubuntu | nltk | — | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Monitor subprocess execution spawned by NLTK's StanfordSegmenter module that includes unvalidated classpath arguments pointing to external JAR files ↗
- →Detect dynamic loading of external Java .jar files by the NLTK StanfordSegmenter module without integrity verification — flag any JAR loaded at import time from untrusted or unexpected paths ↗
- →Alert on NLTK versions <=3.9.2 in use; fixed version is 3.9.3-1 (Debian forky/sid) ↗
- ·Exploitation requires a supply chain compromise (model poisoning, MITM, or dependency poisoning) to deliver or replace the JAR file; direct network exploitation without a prior supply chain foothold is not possible ↗
- ·Red Hat assessed this as no risk to their products because they control and verify the JAR supply chain; environments with verified JAR provenance have significantly reduced exposure ↗
CVSS provenance
nvdv3.010.0CRITICALCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
osv10.0CRITICAL
vendor_debian10.0CRITICAL
vendor_redhat10.0CRITICAL
vendor_ubuntu8.6HIGH
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Ubuntu
NLTK vulnerabilities
vendor_ubuntu·2026-05-25·CVSS 8.6
CVE-2026-33230 [HIGH] NLTK vulnerabilities
Title: NLTK vulnerabilities
Summary: Several security issues were fixed in NLTK.
It was discovered that NLTK incorrectly validated file paths when
opening files using the nltk.util module. An attacker could possibly
use this issue to obtain sensitive information. (CVE-2026-0846)
It was discovered that NLTK incorrectly validated file paths in
multiple CorpusReader classes. An attacker could possibly use
this issue to obtain sensitive information. (CVE-2026-0847)
It was discovered that NLTK did not properly validate external
Java archive files loaded by StanfordSegmenter. An attacker
could possibly use this issue to execute arbitrary code. This
issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu
22.04 LTS, Ubuntu 24.04 LTS, and Ubuntu 26.04 LTS.
(CVE-2026-0848)
It was discove
Red Hat
nltk: NLTK: Arbitrary code execution via unvalidated Java Archive (JAR) file loading
vendor_redhat·2026-03-05·CVSS 10.0
CVE-2026-0848 [CRITICAL] CWE-829 nltk: NLTK: Arbitrary code execution via unvalidated Java Archive (JAR) file loading
nltk: NLTK: Arbitrary code execution via unvalidated Java Archive (JAR) file loading
NLTK versions <=3.9.2 are vulnerable to arbitrary code execution due to improper input validation in the StanfordSegmenter module. The module dynamically loads external Java .jar files without verification or sandboxing. An attacker can supply or replace the JAR file, enabling the execution of arbitrary Java bytecode at import time. This vulnerability can be exploited through methods such as model poisoning, MITM attacks, or dependency poisoning, leading to remote code execution. The issue arises from the direct execution of the JAR file via subprocess with unvalidated classpath input, allowing malicious classes to execute when loaded by the JVM.
A code injection flaw was found in nltk. The StanfordSegme
Debian
CVE-2026-0848: nltk - NLTK versions <=3.9.2 are vulnerable to arbitrary code execution due to improper...
vendor_debian·2026·CVSS 10.0
CVE-2026-0848 [CRITICAL] CVE-2026-0848: nltk - NLTK versions <=3.9.2 are vulnerable to arbitrary code execution due to improper...
NLTK versions <=3.9.2 are vulnerable to arbitrary code execution due to improper input validation in the StanfordSegmenter module. The module dynamically loads external Java .jar files without verification or sandboxing. An attacker can supply or replace the JAR file, enabling the execution of arbitrary Java bytecode at import time. This vulnerability can be exploited through methods such as model poisoning, MITM attacks, or dependency poisoning, leading to remote code execution. The issue arises from the direct execution of the JAR file via subprocess with unvalidated classpath input, allowing malicious classes to execute when loaded by the JVM.
Scope: local
bookworm: open
bullseye: open
forky: resolved (fixed in 3.9.3-1)
sid: resolved (fixed in 3.9.3-1)
trixie: open
GHSA
GHSA-v2w2-xcg6-53wj: NLTK versions <=3
ghsa_unreviewed·2026-03-05
CVE-2026-0848 [CRITICAL] CWE-20 GHSA-v2w2-xcg6-53wj: NLTK versions <=3
NLTK versions <=3.9.2 are vulnerable to arbitrary code execution due to improper input validation in the StanfordSegmenter module. The module dynamically loads external Java .jar files without verification or sandboxing. An attacker can supply or replace the JAR file, enabling the execution of arbitrary Java bytecode at import time. This vulnerability can be exploited through methods such as model poisoning, MITM attacks, or dependency poisoning, leading to remote code execution. The issue arises from the direct execution of the JAR file via subprocess with unvalidated classpath input, allowing malicious classes to execute when loaded by the JVM.
OSV
CVE-2026-0848: NLTK versions <=3
osv·2026-03-05·CVSS 10.0
CVE-2026-0848 [CRITICAL] CVE-2026-0848: NLTK versions <=3
NLTK versions <=3.9.2 are vulnerable to arbitrary code execution due to improper input validation in the StanfordSegmenter module. The module dynamically loads external Java .jar files without verification or sandboxing. An attacker can supply or replace the JAR file, enabling the execution of arbitrary Java bytecode at import time. This vulnerability can be exploited through methods such as model poisoning, MITM attacks, or dependency poisoning, leading to remote code execution. The issue arises from the direct execution of the JAR file via subprocess with unvalidated classpath input, allowing malicious classes to execute when loaded by the JVM.
No detection rules found.
No public exploits indexed.
2026-03-05
Published