CVE-2026-12199— Unauthenticated Denial of Service in nltk.app.wordnet_app

AI Predicted 7.5 Difficulty: Trivial EPSS 0.33% · P24 Updated Jun 17, 2026

Possible ATT&CK Techniques 2AI

T1499 · Endpoint Denial of Service T1499.002 · Service Exhaustion Flood

Affected Version Matrix 1

Vendor	Product	Version Range	Status
nltk	nltk/nltk	`unspecified≤ latest`	affected

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2026-12199

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

Unauthenticated Denial of Service in nltk.app.wordnet_app

Source: NVD (National Vulnerability Database)

Vulnerability Description

A vulnerability in `nltk.app.wordnet_app` up to version 3.9.3 allows unauthenticated remote shutdown of the local WordNet Browser HTTP server when started in its default mode. The server listens on all interfaces and processes a specific unauthenticated GET request (`/SHUTDOWN%20THE%20SERVER`) to terminate the process immediately via `os._exit(0)`. This results in a denial of service, impacting service availability. The issue arises due to insufficient authentication and protection mechanisms for critical server functions.

Source: NVD (National Vulnerability Database)

CVSS Information

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Type

关键功能的认证机制缺失

Source: NVD (National Vulnerability Database)

Vulnerability Title

nltk nltk/nltk 授权问题漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

NLTK是NLTK组织开源的一个自然语言工具包。用于支持自然语言处理的研究和开发。 nltk nltk/nltk 3.9.3及之前版本存在授权问题漏洞，该漏洞源于对关键服务器功能的身份验证和保护机制不足，可能导致未经身份验证的远程攻击者通过发送特定的未授权GET请求关闭本地WordNet Browser HTTP服务器，造成服务拒绝。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
nltk	nltk/nltk	unspecified ~ latest	-

II. Public POCs for CVE-2026-12199

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2026-12199

请登录查看更多情报信息。

Vendor Advisories for CVE-2026-12199 (1)

🔗 huntr - The world's first bug bounty platform for AI/ML Read full article

https://nvd.nist.gov/vuln/detail/CVE-2026-12199

IV. Related Vulnerabilities

Same product: nltk/nltk

Same vendor: nltk

Same weakness: CWE-306

V. Comments for CVE-2026-12199

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2026-12199— Unauthenticated Denial of Service in nltk.app.wordnet_app

Possible ATT&CK Techniques 2AI

Affected Version Matrix 1

I. Basic Information for CVE-2026-12199

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2026-12199

III. Intelligence Information for CVE-2026-12199

Vendor Advisories for CVE-2026-12199 (1)

IV. Related Vulnerabilities

V. Comments for CVE-2026-12199

Leave a comment