PatchSiren

CVE-2026-33231 nltk CVE debrief

CVE-2026-33231 is a high-severity (CVSS 7.5) denial-of-service vulnerability in the Natural Language Toolkit (NLTK), affecting the wordnet_app feature in versions 3.9.3 and earlier. An unauthenticated remote attacker who can reach the WordNet Browser HTTP server can make it shut down immediately with a single crafted GET request. The fix is in commit bbaae83db86a0f49e00f5b0db44a7254c268de9b; users should upgrade to a release that contains it.

Vendor
nltk
Product
Unknown
CVSS
HIGH 7.5
CISA KEV
Not listed in stored evidence
Original CVE published
2026-03-20
Original CVE updated
2026-06-30
Advisory published
2026-03-20
Advisory updated
2026-06-30

Who should care

Developers and administrators who run NLTK 3.9.3 or earlier and start the WordNet Browser through the wordnet_app feature should take note: the exposure exists only while that HTTP server is running and its port is reachable by the attacker. Security teams monitoring NLTK-based services for denial-of-service attempts should also be aware of the request pattern. Red Hat users may find packaging and fix details in errata RHSA-2026:19712 and RHSA-2026:24977.

Technical summary

When the WordNet Browser HTTP server in NLTK's wordnet_app feature is started in its default mode, its shutdown route requires no authentication: a GET request for /SHUTDOWN%20THE%20SERVER (the path decodes to "SHUTDOWN THE SERVER") makes the process call os._exit(0) and terminate immediately, taking any other work in that process with it. No credentials or user interaction are needed, which is what the CVSS 3.1 vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H expresses: no confidentiality or integrity impact, but total loss of availability. The weakness is classified as CWE-306 (Missing Authentication for Critical Function). The issue is fixed in commit bbaae83db86a0f49e00f5b0db44a7254c268de9b.
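To make the pattern concrete, here is an added example (my own code, not NLTK's wordnet_app and not the change in the commit above): a small http.server handler with the same unauthenticated shutdown route, beside a hardened policy that honours the route only from loopback, only with a per-launch secret, and never in server mode. The handler signals shutdown instead of calling os._exit(0) so the behaviour can be exercised in-process; the token query parameter, the loopback check and the decoding of "+" as a space are assumptions made for illustration.

```python
"""Added example (not NLTK's code): the unauthenticated shutdown pattern reported
for CVE-2026-33231, and a hardened variant of the same route."""
import hmac
import secrets
import threading
from http.client import HTTPConnection
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import parse_qs, unquote_plus, urlsplit

SHUTDOWN_PATH = "/SHUTDOWN THE SERVER"  # decoded form of /SHUTDOWN%20THE%20SERVER


def vulnerable_allows_shutdown(path, client_ip):
    """Mirrors the reported behaviour: any client that sends the magic path may
    stop the server. client_ip is deliberately ignored and no secret is required."""
    return unquote_plus(urlsplit(path).path) == SHUTDOWN_PATH


class ShutdownPolicy:
    """Hardened decision: loopback only, per-launch secret required, off in server mode.
    (Design assumptions for this example, not NLTK's fix.)"""

    def __init__(self, server_mode=False):
        self.server_mode = server_mode
        self.token = secrets.token_urlsafe(32)  # fresh secret for each process launch

    def allows(self, path, client_ip):
        parts = urlsplit(path)
        if unquote_plus(parts.path) != SHUTDOWN_PATH:  # '+' as space is an assumption
            return False
        if self.server_mode:  # long-running mode: only a signal may stop the server
            return False
        if client_ip not in ("127.0.0.1", "::1"):
            return False
        presented = parse_qs(parts.query).get("token", [""])[0]
        return hmac.compare_digest(presented.encode(), self.token.encode())


class Handler(BaseHTTPRequestHandler):
    def do_GET(self):
        if unquote_plus(urlsplit(self.path).path) == SHUTDOWN_PATH:
            if self.server.policy.allows(self.path, self.client_address[0]):
                self.server.stop_requested.set()
                # The reported code calls os._exit(0) here; this example asks the
                # server to stop instead (shutdown() must run off the serving thread).
                threading.Thread(target=self.server.shutdown, daemon=True).start()
                self._reply(200, "Server shutting down!")
            else:
                self._reply(403, "Shutdown not permitted")
            return
        self._reply(200, "ok")

    def _reply(self, code, text):
        body = text.encode()
        self.send_response(code)
        self.send_header("Content-Type", "text/plain")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):  # keep the demo quiet
        pass


def start_server(server_mode=False):
    """Bind to loopback on an ephemeral port and serve in a background thread."""
    srv = HTTPServer(("127.0.0.1", 0), Handler)
    srv.policy = ShutdownPolicy(server_mode)
    srv.stop_requested = threading.Event()
    t = threading.Thread(target=srv.serve_forever, daemon=True)
    t.start()
    return srv, t


def get_status(srv, path):
    conn = HTTPConnection("127.0.0.1", srv.server_address[1], timeout=5)
    conn.request("GET", path)
    status = conn.getresponse().status
    conn.close()
    return status


def demo():
    """Returns (status without token, status with token, whether shutdown was requested)."""
    srv, t = start_server()
    no_token = get_status(srv, "/SHUTDOWN%20THE%20SERVER")  # refused, server keeps running
    with_token = get_status(srv, "/SHUTDOWN%20THE%20SERVER?token=" + srv.policy.token)
    t.join(timeout=5)
    srv.server_close()
    return no_token, with_token, srv.stop_requested.is_set()


if __name__ == "__main__":
    print(demo())
```

The two decision functions are the whole difference: vulnerable_allows_shutdown accepts the path from anyone, while ShutdownPolicy.allows requires the caller to be on the same host and to know a secret that only exists in the launching process, and refuses outright when the server was started for long-running use.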

Defensive priority

Remediate promptly wherever the WordNet Browser HTTP server runs on an affected version: the request needs no privileges or user interaction, and a single request terminates the process. Because the browser is a local developer tool, the practical exposure depends on whether its port is reachable beyond the host; confirm the bind address and any port forwarding before treating an instance as low priority.

Recommended defensive actions

  • Upgrade NLTK to a release that includes commit bbaae83db86a0f49e00f5b0db44a7254c268de9b.
  • Until then, do not expose the WordNet Browser HTTP server beyond the local host: keep it bound to loopback or behind a firewall rule, and stop it when it is not in use.
  • Monitor for GET requests whose decoded path is "/SHUTDOWN THE SERVER" (sent on the wire as /SHUTDOWN%20THE%20SERVER); a process exiting with status 0 immediately after such a request is the signature of successful exploitation.
  • Run the browser in its own process under a supervisor that restarts it, so an exit cannot take down an unrelated service.
  • Review access and process logs for such requests and for unexplained exits.
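The monitoring item above needs a matcher that compares the decoded path, since /SHUTDOWN%20THE%20SERVER, /SHUTDOWN+THE+SERVER and mixed encodings all decode to the same string. The following is an added example (my own code, not part of the advisory) that runs that check over constructed access-log lines in combined format; it also accepts the terser stderr line format of Python's http.server, which is an assumption about where the browser's requests end up, as the advisory does not say. Treating "+" as a space is likewise an assumption; the advisory quotes only the %20 form.

```python
"""Added example (not from the advisory): flag requests that match the
CVE-2026-33231 shutdown route in access-log lines."""
import re
from urllib.parse import unquote_plus, urlsplit

SHUTDOWN_PATH = "/SHUTDOWN THE SERVER"

# Combined log format: ip ident user [time] "METHOD path PROTO" status size ...
# The trailing referrer/user-agent fields are optional so that the default
# http.server stderr lines (which stop after "status -") also parse.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)


def is_shutdown_request(method, raw_path):
    """Exact match on the decoded path; the query string is ignored.
    Decoding with unquote_plus treats '+' as a space (assumption, see lead-in)."""
    return method == "GET" and unquote_plus(urlsplit(raw_path).path) == SHUTDOWN_PATH


def find_shutdown_attempts(lines):
    """Return (line_no, client_ip, raw_path, status) for every matching request.
    Lines that do not parse as access-log records are skipped."""
    hits = []
    for n, line in enumerate(lines, 1):
        m = LOG_RE.match(line)
        if not m:
            continue
        if is_shutdown_request(m["method"], m["path"]):
            hits.append((n, m["ip"], m["path"], int(m["status"])))
    return hits


# Constructed sample lines for the demo; not real traffic.
SAMPLE_LOG = """\
127.0.0.1 - - [21/Mar/2026:10:00:01 +0000] "GET /dog HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.7 - - [21/Mar/2026:10:00:02 +0000] "GET /SHUTDOWN%20THE%20SERVER HTTP/1.1" 200 0 "-" "curl/8.5.0"
198.51.100.9 - - [21/Mar/2026:10:00:03 +0000] "GET /SHUTDOWN+THE+SERVER HTTP/1.1" 200 0 "-" "python-requests/2.31"
198.51.100.9 - - [21/Mar/2026:10:00:04 +0000] "GET /shutdown%20the%20server HTTP/1.1" 404 0 "-" "python-requests/2.31"
10.0.0.5 - - [21/Mar/2026:10:00:05 +0000] "POST /SHUTDOWN%20THE%20SERVER HTTP/1.1" 405 0 "-" "curl/8.5.0"
127.0.0.1 - - [21/Mar/2026 10:00:06] "GET /SHUTDOWN%20THE%20SERVER HTTP/1.1" 200 -
garbage line that is not an access log record
""".splitlines()


def demo():
    return find_shutdown_attempts(SAMPLE_LOG)


if __name__ == "__main__":
    for hit in demo():
        print("shutdown attempt:", hit)
```

The lower-case and POST variants in the sample are left unflagged on purpose: the matcher mirrors an exact comparison on the server side, so they would not have triggered the exit. If the goal is to see probing rather than confirmed exploitation, compare case-insensitively and drop the method check, at the cost of more noise.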

Evidence notes

The CVE record and the NVD entry are the primary sources for the affected versions, the CVSS vector and the CWE classification. The Red Hat errata and the GitHub commit supply packaging and fix details. The record has been updated since its publication (most recently 2026-06-30), so re-check it for changes to the affected version range.

Official resources

This article was generated with AI assistance based on the supplied source corpus.