UBUNTU-CVE-2026-33230

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/CVE-2026-33230

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-33230.json

JSON Data

https://api.osv.dev/v1/vulns/UBUNTU-CVE-2026-33230

Upstream

CVE-2026-33230

Published

2026-03-20T23:16:00Z

Modified

2026-03-25T17:36:54Z

Severity

6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
Ubuntu - medium

Summary

[none]

Details

NLTK (Natural Language Toolkit) is a suite of open source Python modules, data sets, and tutorials supporting research and development in Natural Language Processing. In versions 3.9.3 and prior, nltk.app.wordnet_app contains a reflected cross-site scripting issue in the lookup_... route. A crafted lookup_<payload> URL can inject arbitrary HTML/JavaScript into the response page because attacker-controlled word data is reflected into HTML without escaping. This impacts users running the local WordNet Browser server and can lead to script execution in the browser origin of that application. Commit 1c3f799607eeb088cab2491dcf806ae83c29ad8f fixes the issue.

References

Affected packages

Ubuntu:22.04:LTS

nltk

Package

Name: nltk
Purl: pkg:deb/ubuntu/nltk@3.7-1?arch=source&distro=jammy

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

3.*

3.5-1

3.6.5-1

3.6.7-1

3.7-1

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "python3-nltk",
            "binary_version": "3.7-1"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-33230.json"

Ubuntu:24.04:LTS

nltk

Package

Name: nltk
Purl: pkg:deb/ubuntu/nltk@3.8.1-1?arch=source&distro=noble

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

3.*

3.8.1-1

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "python3-nltk",
            "binary_version": "3.8.1-1"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-33230.json"

Ubuntu:25.10

nltk

Package

Name: nltk
Purl: pkg:deb/ubuntu/nltk@3.9.1-2?arch=source&distro=questing

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

3.*

3.9.1-2

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "python3-nltk",
            "binary_version": "3.9.1-2"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-33230.json"

Ubuntu:Pro:14.04:LTS

nltk

Package

Name: nltk
Purl: pkg:deb/ubuntu/nltk@2.0~b9-0ubuntu4.1~esm4?arch=source&distro=esm-infra-legacy/trusty

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.0~b9-0ubuntu4

2.0~b9-0ubuntu4.1~esm2

2.0~b9-0ubuntu4.1~esm4

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "python-nltk",
            "binary_version": "2.0~b9-0ubuntu4.1~esm4"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-33230.json"

Ubuntu:Pro:16.04:LTS

nltk

Package

Name: nltk
Purl: pkg:deb/ubuntu/nltk@3.1-1ubuntu0.1+esm2?arch=source&distro=esm-apps/xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

3.*

3.0.4-1

3.0.5-1

3.1-1

3.1-1ubuntu0.1

3.1-1ubuntu0.1+esm1

3.1-1ubuntu0.1+esm2

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "python-nltk",
            "binary_version": "3.1-1ubuntu0.1+esm2"
        },
        {
            "binary_name": "python3-nltk",
            "binary_version": "3.1-1ubuntu0.1+esm2"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-33230.json"

Ubuntu:Pro:18.04:LTS

nltk

Package

Name: nltk
Purl: pkg:deb/ubuntu/nltk@3.2.5-1ubuntu0.1+esm2?arch=source&distro=esm-apps/bionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

3.*

3.2.4-1

3.2.5-1

3.2.5-1ubuntu0.1

3.2.5-1ubuntu0.1+esm1

3.2.5-1ubuntu0.1+esm2

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "python-nltk",
            "binary_version": "3.2.5-1ubuntu0.1+esm2"
        },
        {
            "binary_name": "python3-nltk",
            "binary_version": "3.2.5-1ubuntu0.1+esm2"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-33230.json"

Ubuntu:Pro:20.04:LTS

nltk

Package

Name: nltk
Purl: pkg:deb/ubuntu/nltk@3.4.5-2ubuntu0.1~esm2?arch=source&distro=esm-apps/focal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

3.*

3.4.5-1

3.4.5-2

3.4.5-2ubuntu0.1~esm1

3.4.5-2ubuntu0.1~esm2

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "python3-nltk",
            "binary_version": "3.4.5-2ubuntu0.1~esm2"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-33230.json"