CRITICAL🇵🇱 Wersja polska

CVE-2026-0848

CVSS 10.0v3.0pub. 2026-03-05upd. 2026-04-21

NLTK versions <=3.9.2 are vulnerable to arbitrary code execution due to improper input validation in the StanfordSegmenter module. The module dynamically loads external Java .jar files without verification or sandboxing. An attacker can supply or replace the JAR file, enabling the execution of arbitrary Java bytecode at import time. This vulnerability can be exploited through methods such as model poisoning, MITM attacks, or dependency poisoning, leading to remote code execution. The issue arises from the direct execution of the JAR file via subprocess with unvalidated classpath input, allowing malicious classes to execute when loaded by the JVM.

🤖 AI Analysis
How it works

The StanfordSegmenter module dynamically loads external Java .jar files without verification or isolation (sandboxing). The JAR file is executed directly by subprocess with an unvalidated classpath parameter, allowing the JVM to load malicious classes at the moment of module import. An attacker can provide or substitute a JAR file using techniques such as model poisoning, MITM attack, or dependency poisoning. As a result, any Java bytecode contained in the malicious JAR file is executed in the context of the process.

Impact

An attacker can gain full control over the system by executing arbitrary code (RCE), which threatens the confidentiality, integrity, and availability of the environment in which the application using NLTK operates.

Mitigation & patch

Patches available from the vendor should be applied in accordance with the references. Until updates are applied, it is recommended to avoid using the StanfordSegmenter module and to verify the integrity of all external JAR files used by the application.

Who is affected

NLTK (Python package) in versions 3.9.2 and earlier that uses the StanfordSegmenter module.

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
  • Nltk

    APP
    Nltk
    ≤ 3.9.2
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
RCE
CWE
References

Related vulnerabilities

CVE-2026-12243HIGH7.5ten sam produkt

NLTK version 3.9.4 is vulnerable to a path traversal attack due to an incomplete fix for GitHub Issue #3504. T...

CVE-2026-54293HIGH7.5ten sam produkt

NLTK (Natural Language Toolkit) is a suite of open source Python modules, data sets, and tutorials supporting ...

CVE-2026-33236HIGH8.1ten sam produkt

NLTK (Natural Language Toolkit) is a suite of open source Python modules, data sets, and tutorials supporting ...

CVE-2026-33231HIGH7.5ten sam produkt

NLTK (Natural Language Toolkit) is a suite of open source Python modules, data sets, and tutorials supporting ...

CVE-2026-0846HIGH7.5ten sam produkt

A vulnerability in the `filestring()` function of the `nltk.util` module in nltk version 3.9.2 allows arbitrar...