CVE-2026-0848
published 2026-03-05


Priority: P269
Severity: critical, CVSS 3.0 base score 10.0
Vector: AV:N / AC:L / PR:N / UI:N / S:C / C:H / I:H / A:H
EPSS: 0.78% (51.2nd percentile)
NLTK versions <=3.9.2 are vulnerable to arbitrary code execution due to improper input validation in the StanfordSegmenter module. The module dynamically loads external Java .jar files without verification or sandboxing. An attacker can supply or replace the JAR file, enabling the execution of arbitrary Java bytecode at import time. This vulnerability can be exploited through methods such as model poisoning, MITM attacks, or dependency poisoning, leading to remote code execution. The issue arises from the direct execution of the JAR file via subprocess with unvalidated classpath input, allowing malicious classes to execute when loaded by the JVM.

Affected (5 ranges)

Vendor   Product     Version range               Fixed in
debian   nltk        < nltk 3.9.3-1 (forky)      nltk 3.9.3-1 (forky)
nltk     nltk        <= 3.9.2                    (none listed)
nltk     nltk        >= 0, < 3.9.3-1             3.9.3-1
nltk     nltk_nltk   unspecified – latest        (none listed)
ubuntu   nltk        (not specified)             (none listed)

Detection & IOCs

  • Monitor subprocess execution spawned by NLTK's StanfordSegmenter module that includes unvalidated classpath arguments pointing to external JAR files
  • Detect dynamic loading of external Java .jar files by the NLTK StanfordSegmenter module without integrity verification — flag any JAR loaded at import time from untrusted or unexpected paths
  • Alert on NLTK versions <=3.9.2 in use; fixed version is 3.9.3-1 (Debian forky/sid)
  • Exploitation requires a supply chain compromise (model poisoning, MITM, or dependency poisoning) to deliver or replace the JAR file; direct network exploitation without a prior supply chain foothold is not possible
  • Red Hat assessed this as no risk to their products because they control and verify the JAR supply chain; environments with verified JAR provenance have significantly reduced exposure
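One way to act on the first three detection items above, as an added example that is not code from NLTK, Debian or the advisory's sources: parse the classpath out of a captured "java -cp ..." command line, check every entry against a pinned JAR allow-list (location under an approved directory, presence on the list, SHA-256 match), and test an installed NLTK version string against the advisory's <= 3.9.2 range. The allow-list layout, the pinned digests, the sample command lines and the on-disk JAR stand-ins are all constructed here for illustration; the Java main class name is used only to make the sample lines look realistic.

```python
"""Audit 'java -cp <classpath> <class>' invocations of the kind NLTK's
StanfordSegmenter spawns, against a pinned JAR allow-list, and check
whether an installed NLTK version falls in the affected range.

Added example for this advisory, not code from NLTK, Debian or the CVE
sources. Allow-list layout, pinned digests, sample command lines and
on-disk JAR stand-ins below are constructed for illustration.
"""
import hashlib
import os
import shlex
import tempfile

AFFECTED_MAX = (3, 9, 2)   # advisory: NLTK <= 3.9.2 is affected
CP_SEP = ":"               # classpath separator on Linux/macOS (';' on Windows)


def parse_version(v):
    """'3.9.2' -> (3, 9, 2). Suffixes such as 'rc1' are dropped; this is a
    range check, not a full PEP 440 parser."""
    parts = []
    for piece in v.split("."):
        digits = ""
        for ch in piece:
            if not ch.isdigit():
                break
            digits += ch
        parts.append(int(digits) if digits else 0)
    return tuple(parts)


def nltk_is_affected(version):
    """True when the version is in the advisory's <= 3.9.2 range."""
    return parse_version(version) <= AFFECTED_MAX


def classpath_entries(cmdline):
    """Entries passed via -cp/-classpath in a java command line, as a
    process-execution monitor would see it."""
    argv = shlex.split(cmdline)
    for i, arg in enumerate(argv[:-1]):
        if arg in ("-cp", "-classpath"):
            return [e for e in argv[i + 1].split(CP_SEP) if e]
    return []


def sha256_of(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def audit_classpath(entries, allowed_root, pinned):
    """Flag entries outside allowed_root, absent from the allow-list, missing
    on disk, or whose SHA-256 differs from the pin. Returns [(entry, finding)]."""
    findings = []
    root = os.path.realpath(allowed_root)
    for entry in entries:
        real = os.path.realpath(entry)
        try:
            inside = os.path.commonpath([root, real]) == root
        except ValueError:          # different drives on Windows
            inside = False
        if not inside:
            findings.append((entry, "outside allowed root"))
            continue
        name = os.path.basename(real)
        if name not in pinned:
            findings.append((entry, "not in allow-list"))
        elif not os.path.isfile(real):
            findings.append((entry, "missing on disk"))
        elif sha256_of(real) != pinned[name]:
            findings.append((entry, "digest mismatch"))
    return findings


def demo():
    """Write constructed JAR stand-ins to a throwaway directory and audit
    three constructed command lines. Returns {label: findings}."""
    with tempfile.TemporaryDirectory() as root:
        good = os.path.join(root, "stanford-segmenter.jar")
        with open(good, "wb") as f:
            f.write(b"PK\x03\x04 constructed stand-in for the pinned jar")
        tampered = os.path.join(root, "slf4j-api.jar")
        with open(tampered, "wb") as f:
            f.write(b"PK\x03\x04 constructed stand-in for a replaced jar")
        pinned = {
            "stanford-segmenter.jar": sha256_of(good),
            "slf4j-api.jar": "0" * 64,   # pin of the original; file was swapped
        }
        # a jar outside the allowed root, e.g. a writable cache dir (constructed)
        foreign = os.path.join(tempfile.gettempdir(), "evil-segmenter.jar")
        cls = "edu.stanford.nlp.ie.crf.CRFClassifier"   # illustrative main class
        cmds = {
            "clean": f"java -mx2g -cp {shlex.quote(good)} {cls} -textFile in.txt",
            "tampered_jar": f"java -cp {shlex.quote(CP_SEP.join([good, tampered]))} {cls}",
            "foreign_jar": f"java -classpath {shlex.quote(CP_SEP.join([foreign, good]))} {cls}",
        }
        return {label: audit_classpath(classpath_entries(c), root, pinned)
                for label, c in cmds.items()}


if __name__ == "__main__":
    for label, findings in demo().items():
        print(label, findings or "clean")
```

In production the pinned digests would come from the package you actually vetted (the Debian package contents, or the upstream Stanford distribution you hashed at download time), and audit_classpath would run over command lines pulled from auditd/execve or EDR telemetry rather than the constructed samples in demo().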

CVSS provenance

Source          Version  Score  Severity   Vector
nvd             v3.0     10.0   CRITICAL   CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
osv                      10.0   CRITICAL
vendor_debian            10.0   CRITICAL
vendor_redhat            10.0   CRITICAL
vendor_ubuntu            8.6    HIGH