{"api_version":"1","generated_at":"2026-07-13T15:19:24+00:00","cve":"CVE-2026-33231","urls":{"html":"https://cve.report/CVE-2026-33231","api":"https://cve.report/api/cve/CVE-2026-33231.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2026-33231","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2026-33231"},"summary":{"title":"NLTK has unauthenticated remote shutdown in nltk.app.wordnet_app","description":"NLTK (Natural Language Toolkit) is a suite of open source Python modules, data sets, and tutorials supporting research and development in Natural Language Processing. In versions 3.9.3 and prior, `nltk.app.wordnet_app` allows unauthenticated remote shutdown of the local WordNet Browser HTTP server when it is started in its default mode. A simple `GET /SHUTDOWN%20THE%20SERVER` request causes the process to terminate immediately via `os._exit(0)`, resulting in a denial of service. Commit bbaae83db86a0f49e00f5b0db44a7254c268de9b patches the issue.","state":"PUBLISHED","assigner":"GitHub_M","published_at":"2026-03-20 23:16:46","updated_at":"2026-07-10 12:16:40"},"problem_types":["CWE-306","CWE-306 CWE-306: Missing Authentication for Critical Function","CWE-306 Missing Authentication for Critical Function"],"metrics":[{"version":"3.1","source":"ADP","type":"CVSS","score":"7.5","severity":"HIGH","vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","data":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":7.5,"baseSeverity":"HIGH","confidentialityImpact":"NONE","integrityImpact":"NONE","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","version":"3.1"}},{"version":"3.1","source":"security-advisories@github.com","type":"Secondary","score":"7.5","severity":"HIGH","vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"}},{"version":"3.1","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","score":"7.5","severity":"HIGH","vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"}},{"version":"3.1","source":"CNA","type":"DECLARED","score":"7.5","severity":"HIGH","vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","data":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":7.5,"baseSeverity":"HIGH","confidentialityImpact":"NONE","integrityImpact":"NONE","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","version":"3.1"}}],"references":[{"url":"https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-33231.json","name":"https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-33231.json","refsource":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://access.redhat.com/security/cve/CVE-2026-33231","name":"https://access.redhat.com/security/cve/CVE-2026-33231","refsource":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://access.redhat.com/errata/RHSA-2026:24977","name":"https://access.redhat.com/errata/RHSA-2026:24977","refsource":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://github.com/nltk/nltk/commit/bbaae83db86a0f49e00f5b0db44a7254c268de9b","name":"https://github.com/nltk/nltk/commit/bbaae83db86a0f49e00f5b0db44a7254c268de9b","refsource":"security-advisories@github.com","tags":["Patch"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://access.redhat.com/errata/RHSA-2026:37275","name":"https://access.redhat.com/errata/RHSA-2026:37275","refsource":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://github.com/nltk/nltk/security/advisories/GHSA-jm6w-m3j8-898g","name":"https://github.com/nltk/nltk/security/advisories/GHSA-jm6w-m3j8-898g","refsource":"security-advisories@github.com","tags":["Exploit","Vendor Advisory"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://access.redhat.com/errata/RHSA-2026:19712","name":"https://access.redhat.com/errata/RHSA-2026:19712","refsource":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2449836","name":"https://bugzilla.redhat.com/show_bug.cgi?id=2449836","refsource":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2026-33231","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-33231","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"nltk","product":"nltk","version":"affected <= 3.9.3","platforms":[]},{"source":"ADP","vendor":"Red Hat","product":"Red Hat OpenShift AI 2.25","version":"","platforms":[]},{"source":"ADP","vendor":"Red Hat","product":"Red Hat OpenShift AI 3.3","version":"","platforms":[]},{"source":"ADP","vendor":"Red Hat","product":"Lightspeed Core","version":"","platforms":[]},{"source":"ADP","vendor":"Red Hat","product":"OpenShift Lightspeed","version":"","platforms":[]},{"source":"ADP","vendor":"Red Hat","product":"Red Hat Ansible Automation Platform 2","version":"","platforms":[]},{"source":"ADP","vendor":"Red Hat","product":"Red Hat OpenShift AI (RHOAI)","version":"","platforms":[]}],"timeline":[{"source":"ADP","time":"2026-03-20T23:02:37.298Z","lang":"en","value":"Reported to Red Hat."},{"source":"ADP","time":"2026-03-20T22:45:40.784Z","lang":"en","value":"Made public."}],"solutions":[{"source":"ADP","title":"","value":"RHSA-2026:24977: Red Hat OpenShift AI 2.25","time":"","lang":"en"},{"source":"ADP","title":"","value":"RHSA-2026:19712: Red Hat OpenShift AI 3.3","time":"","lang":"en"},{"source":"ADP","title":"","value":"RHSA-2026:37275: Red Hat OpenShift AI 3.3","time":"","lang":"en"}],"workarounds":[{"source":"ADP","title":"","value":"To mitigate this vulnerability, ensure that the NLTK WordNet Browser HTTP server (`nltk.app.wordnet_app`) is not exposed to untrusted networks. If the WordNet Browser functionality is not required, disable or remove the component. For deployments where the server is necessary, configure firewall rules to restrict access to trusted hosts only. A service restart may be required for changes to take effect.","time":"","lang":"en"}],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2026","cve_id":"33231","vulnerable":"1","versionEndIncluding":"3.9.3","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"nltk","cpe5":"nltk","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":{"cve_year":"2026","cve_id":"33231","cve":"CVE-2026-33231","epss":"0.008750000","percentile":"0.547240000","score_date":"2026-07-12","updated_at":"2026-07-13 00:07:37"},"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"metrics":[{"other":{"content":{"id":"CVE-2026-33231","options":[{"Exploitation":"poc"},{"Automatable":"yes"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","timestamp":"2026-03-25T13:43:39.454391Z","version":"2.0.3"},"type":"ssvc"}}],"providerMetadata":{"dateUpdated":"2026-03-25T13:43:45.724Z","orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP"},"title":"CISA ADP Vulnrichment"},{"affected":[{"cpes":["cpe:/a:redhat:openshift_ai:2.25::el9"],"defaultStatus":"affected","product":"Red Hat OpenShift AI 2.25","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:openshift_ai:3.3::el9"],"defaultStatus":"affected","product":"Red Hat OpenShift AI 3.3","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:lightspeed_core"],"defaultStatus":"affected","product":"Lightspeed Core","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:openshift_lightspeed"],"defaultStatus":"affected","product":"OpenShift Lightspeed","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:ansible_automation_platform:2"],"defaultStatus":"affected","product":"Red Hat Ansible Automation Platform 2","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:openshift_ai"],"defaultStatus":"affected","product":"Red Hat OpenShift AI (RHOAI)","vendor":"Red Hat"}],"datePublic":"2026-03-20T22:45:40.784Z","descriptions":[{"lang":"en","value":"A flaw was found in NLTK (Natural Language Toolkit), specifically in the `nltk.app.wordnet_app` component. An unauthenticated remote attacker can exploit this vulnerability by sending a specially crafted GET request to the local WordNet Browser HTTP server when it is running in its default configuration. This action causes the server process to terminate immediately, leading to a denial of service."}],"metrics":[{"other":{"content":{"namespace":"https://access.redhat.com/security/updates/classification/","value":"Important"},"type":"Red Hat severity rating"}},{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":7.5,"baseSeverity":"HIGH","confidentialityImpact":"NONE","integrityImpact":"NONE","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","version":"3.1"},"format":"CVSS"}],"problemTypes":[{"descriptions":[{"cweId":"CWE-306","description":"Missing Authentication for Critical Function","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2026-07-10T12:05:25.811Z","orgId":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","shortName":"redhat-SADP"},"references":[{"tags":["vdb-entry","x_refsource_REDHAT"],"url":"https://access.redhat.com/security/cve/CVE-2026-33231"},{"name":"RHBZ#2449836","tags":["issue-tracking","x_refsource_REDHAT"],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2449836"},{"tags":["x_sadp-csaf-vex"],"url":"https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-33231.json"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:24977"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:19712"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:37275"}],"solutions":[{"lang":"en","value":"RHSA-2026:24977: Red Hat OpenShift AI 2.25"},{"lang":"en","value":"RHSA-2026:19712: Red Hat OpenShift AI 3.3"},{"lang":"en","value":"RHSA-2026:37275: Red Hat OpenShift AI 3.3"}],"timeline":[{"lang":"en","time":"2026-03-20T23:02:37.298Z","value":"Reported to Red Hat."},{"lang":"en","time":"2026-03-20T22:45:40.784Z","value":"Made public."}],"title":"nltk: NLTK: Denial of Service via unauthenticated remote shutdown","workarounds":[{"lang":"en","value":"To mitigate this vulnerability, ensure that the NLTK WordNet Browser HTTP server (`nltk.app.wordnet_app`) is not exposed to untrusted networks. If the WordNet Browser functionality is not required, disable or remove the component. For deployments where the server is necessary, configure firewall rules to restrict access to trusted hosts only. A service restart may be required for changes to take effect."}],"x_adpType":"supplier","x_generator":{"engine":"sadp-cli 1.0.0"}}],"cna":{"affected":[{"product":"nltk","vendor":"nltk","versions":[{"status":"affected","version":"<= 3.9.3"}]}],"descriptions":[{"lang":"en","value":"NLTK (Natural Language Toolkit) is a suite of open source Python modules, data sets, and tutorials supporting research and development in Natural Language Processing. In versions 3.9.3 and prior, `nltk.app.wordnet_app` allows unauthenticated remote shutdown of the local WordNet Browser HTTP server when it is started in its default mode. A simple `GET /SHUTDOWN%20THE%20SERVER` request causes the process to terminate immediately via `os._exit(0)`, resulting in a denial of service. Commit bbaae83db86a0f49e00f5b0db44a7254c268de9b patches the issue."}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":7.5,"baseSeverity":"HIGH","confidentialityImpact":"NONE","integrityImpact":"NONE","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","version":"3.1"}}],"problemTypes":[{"descriptions":[{"cweId":"CWE-306","description":"CWE-306: Missing Authentication for Critical Function","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2026-03-20T22:45:40.784Z","orgId":"a0819718-46f1-4df5-94e2-005712e83aaa","shortName":"GitHub_M"},"references":[{"name":"https://github.com/nltk/nltk/security/advisories/GHSA-jm6w-m3j8-898g","tags":["x_refsource_CONFIRM"],"url":"https://github.com/nltk/nltk/security/advisories/GHSA-jm6w-m3j8-898g"},{"name":"https://github.com/nltk/nltk/commit/bbaae83db86a0f49e00f5b0db44a7254c268de9b","tags":["x_refsource_MISC"],"url":"https://github.com/nltk/nltk/commit/bbaae83db86a0f49e00f5b0db44a7254c268de9b"}],"source":{"advisory":"GHSA-jm6w-m3j8-898g","discovery":"UNKNOWN"},"title":"NLTK has unauthenticated remote shutdown in nltk.app.wordnet_app"}},"cveMetadata":{"assignerOrgId":"a0819718-46f1-4df5-94e2-005712e83aaa","assignerShortName":"GitHub_M","cveId":"CVE-2026-33231","datePublished":"2026-03-20T22:45:40.784Z","dateReserved":"2026-03-18T02:42:27.507Z","dateUpdated":"2026-07-10T12:05:25.811Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.2"},"nvd":{"publishedDate":"2026-03-20 23:16:46","lastModifiedDate":"2026-07-10 12:16:40","problem_types":["CWE-306","CWE-306 CWE-306: Missing Authentication for Critical Function","CWE-306 Missing Authentication for Critical Function"],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-03-25T13:43:39.454391Z","id":"CVE-2026-33231","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:nltk:nltk:*:*:*:*:*:*:*:*","versionEndIncluding":"3.9.3","matchCriteriaId":"E3C35863-7D82-4EEF-BDE8-E94C559CF4FB"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2026","CveId":"33231","Ordinal":"1","Title":"NLTK has unauthenticated remote shutdown in nltk.app.wordnet_app","CVE":"CVE-2026-33231","Year":"2026"},"notes":[{"CveYear":"2026","CveId":"33231","Ordinal":"1","NoteData":"NLTK (Natural Language Toolkit) is a suite of open source Python modules, data sets, and tutorials supporting research and development in Natural Language Processing. In versions 3.9.3 and prior, `nltk.app.wordnet_app` allows unauthenticated remote shutdown of the local WordNet Browser HTTP server when it is started in its default mode. A simple `GET /SHUTDOWN%20THE%20SERVER` request causes the process to terminate immediately via `os._exit(0)`, resulting in a denial of service. Commit bbaae83db86a0f49e00f5b0db44a7254c268de9b patches the issue.","Type":"Description","Title":"NLTK has unauthenticated remote shutdown in nltk.app.wordnet_app"}]}}}