CVE-2026-0848
Arbitrary Code Execution in NLTK StanfordSegmenter via Unvalidated JAR
Publication date: 2026-03-05
Last updated on: 2026-04-21
Assigner: huntr.dev
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| nltk | nltk | up to 3.9.2 (inclusive) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-20 | The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. |
AI Powered Q&A
How can this vulnerability impact me?
This vulnerability can have severe impacts as it allows an attacker to execute arbitrary code remotely on the affected system without any privileges or user interaction.
- Complete compromise of the system running the vulnerable NLTK version.
- Potential data theft, data corruption, or disruption of services.
- Attackers can use this to install malware, create backdoors, or pivot to other parts of the network.
Can you explain this vulnerability to me?
NLTK versions up to 3.9.2 have a vulnerability in the StanfordSegmenter module, which does not properly validate its input. The module dynamically loads external Java .jar files without verifying or sandboxing them. An attacker who can supply or replace the JAR file can execute arbitrary Java bytecode when the module is imported.
The vulnerability occurs because the JAR file is executed directly via a subprocess with an unvalidated classpath, enabling malicious classes to run within the Java Virtual Machine (JVM).
Exploitation methods include model poisoning, man-in-the-middle (MITM) attacks, or dependency poisoning, all of which can lead to remote code execution.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, upgrade NLTK to a version later than 3.9.2, where the issue is fixed.
Avoid using the StanfordSegmenter module with untrusted or external Java .jar files, as it dynamically loads these without verification or sandboxing.
Ensure that your environment does not allow attackers to supply or replace the JAR files used by the StanfordSegmenter module.
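One way to enforce the last two mitigations before a JAR path ever reaches the segmenter's subprocess, as an added example that is neither this page's nor NLTK's own code: the JAR must sit under an administrator-owned directory, must not be a symlink or writable by other users, and must match a SHA-256 digest pinned at deployment time. The digest in `demo()` is computed from a constructed stand-in file for illustration; in practice it is recorded once from a trusted copy and stored in configuration.

```python
import hashlib
import stat
import tempfile
from pathlib import Path

def sha256_of(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:  # stream so large JARs are not read whole
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()

def verify_jar(path, expected_sha256, trusted_root):
    """Return the resolved JAR path if it is the pinned artifact, else raise."""
    p = Path(path)
    if p.is_symlink():  # a link inside the trusted directory can point anywhere
        raise ValueError(f"{path}: symlinks are not accepted")
    real, root = p.resolve(strict=True), Path(trusted_root).resolve(strict=True)
    if root not in real.parents:  # JAR must live under the admin-owned directory
        raise ValueError(f"{real}: outside trusted root {root}")
    for node in (real, real.parent):  # neither file nor its directory may be
        if node.stat().st_mode & (stat.S_IWGRP | stat.S_IWOTH):  # replaceable
            raise ValueError(f"{node}: group/world writable")
    actual = sha256_of(real)
    if actual != expected_sha256:  # swapped or modified JAR
        raise ValueError(f"{real}: sha256 {actual} != pinned {expected_sha256}")
    return str(real)

def _rejected(jar, pinned, root):
    try:
        verify_jar(jar, pinned, root)
    except ValueError:
        return True
    return False

def demo():
    """Run the checks on a constructed stand-in JAR in a temp dir (mode 0700)."""
    results = {}
    with tempfile.TemporaryDirectory() as root:
        jar = Path(root) / "stanford-segmenter.jar"
        jar.write_bytes(b"PK\x03\x04 constructed stand-in for the real JAR")
        jar.chmod(0o644)
        pinned = sha256_of(jar)  # in practice: recorded once from a trusted copy
        results["intact"] = verify_jar(jar, pinned, root) == str(jar.resolve())
        jar.chmod(0o666)  # now anyone on the host could replace it
        results["writable_rejected"] = _rejected(jar, pinned, root)
        jar.chmod(0o644)
        jar.write_bytes(b"PK\x03\x04 swapped-in JAR")  # contents differ
        results["tampered_rejected"] = _rejected(jar, pinned, root)
    return results
```

The string `verify_jar()` returns is what you hand to the segmenter's JAR-path argument (assumed here to be the `path_to_jar` keyword, which this page does not show), so a swapped, modified or writable JAR fails before any `java` subprocess is started.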
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
I don't know