CVE-2026-33231— NLTK has unauthenticated remote shutdown in nltk.app.wordnet_app
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-33231
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
NLTK has unauthenticated remote shutdown in nltk.app.wordnet_app
Source: NVD (National Vulnerability Database)
Vulnerability Description
NLTK (Natural Language Toolkit) is a suite of open source Python modules, data sets, and tutorials supporting research and development in Natural Language Processing. In versions 3.9.3 and prior, `nltk.app.wordnet_app` allows unauthenticated remote shutdown of the local WordNet Browser HTTP server when it is started in its default mode. A simple `GET /SHUTDOWN%20THE%20SERVER` request causes the process to terminate immediately via `os._exit(0)`, resulting in a denial of service. Commit bbaae83db86a0f49e00f5b0db44a7254c268de9b patches the issue.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
关键功能的认证机制缺失
Source: NVD (National Vulnerability Database)
Vulnerability Title
NLTK 访问控制错误漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
NLTK是NLTK开源的一个自然语言工具包。用于支持自然语言处理的研究和开发。 NLTK 3.9.3及之前版本存在访问控制错误漏洞,该漏洞源于nltk.app.wordnet_app允许未经身份验证的远程关闭本地WordNet Browser HTTP服务器,可能导致拒绝服务。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
II. Public POCs for CVE-2026-33231
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-33231
请登录查看更多情报信息。
- Merge commit from fork · nltk/nltk@bbaae83 · GitHubx_refsource_MISC
- https://nvd.nist.gov/vuln/detail/CVE-2026-33231
Same Patch Batch · nltk · 2026-03-20 · 3 CVEs total
| CVE-2026-33236 | 8.1 HIGH | NLTK has a Downloader Path Traversal Vulnerability (AFO) - Arbitrary File Overwrite |
| CVE-2026-33230 | 6.1 MEDIUM | nltk Vulnerable to Cross-site Scripting |
IV. Related Vulnerabilities
Same vendor: nltk
- CVE-2026-33236
NLTK has a Downloader Path Traversal Vulnerability (AFO) - A - CVE-2026-33230
nltk Vulnerable to Cross-site Scripting - CVE-2026-0846
Arbitrary File Read via Absolute Path Input in nltk.util.fil - CVE-2026-0848
Arbitrary Code Execution in NLTK StanfordSegmenter via Untru - CVE-2026-0847
Path Traversal in nltk/nltk
Same weakness: CWE-306
- CVE-2021-47940
WordPress Download From Files 1.48 Arbitrary File Upload - CVE-2021-47936
OpenCATS 0.9.4 Remote Code Execution via Resume Upload - CVE-2021-47933
WordPress MStore API 2.0.6 Arbitrary File Upload - CVE-2026-8185
UGREEN CM933 Administrative missing authentication - CVE-2026-42302
FastGPT: Unauthenticated Remote Code Execution (RCE) via cod
V. Comments for CVE-2026-33231
No comments yet