CVE-2026-33231

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2026-33231
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-33231.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-33231
Aliases
Downstream
Related
Published
2026-03-20T22:45:40.784Z
Modified
2026-04-10T05:42:39.488239Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
NLTK has unauthenticated remote shutdown in nltk.app.wordnet_app
Details

NLTK (Natural Language Toolkit) is a suite of open source Python modules, data sets, and tutorials supporting research and development in Natural Language Processing. In versions 3.9.3 and prior, nltk.app.wordnet_app allows unauthenticated remote shutdown of the local WordNet Browser HTTP server when it is started in its default mode. A simple GET /SHUTDOWN%20THE%20SERVER request causes the process to terminate immediately via os._exit(0), resulting in a denial of service. Commit bbaae83db86a0f49e00f5b0db44a7254c268de9b patches the issue.

Database specific 
{
    "cwe_ids": [
        "CWE-306"
    ],
    "cna_assigner": "GitHub_M",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/33xxx/CVE-2026-33231.json"
}
References

Affected packages

Git / github.com/nltk/nltk

Affected ranges

Type
GIT
Repo
https://github.com/nltk/nltk
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
bbaae83db86a0f49e00f5b0db44a7254c268de9b

Affected versions

2.*
2.0.1rc1
2.0.1rc2
2.0.1rc3
2.0.1rc4
3.*
3.0.0b1
3.0.2
3.0.3
3.0.4
3.0.5
3.0a4
3.1
3.2
3.2.1
3.2.2
3.2.3
3.2.4
3.2.5
3.3
3.4
3.4.1
3.4.3
3.4.4
3.5
3.5b1
3.6
3.6.1
3.6.2
3.6.5
3.6.6
3.6.7
3.7
3.8
3.8.1
3.8.2
3.9
3.9.1
3.9.2
3.9.3
v3.*
v3.9.2

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-33231.json"