VYPR
High severityNVD Advisory· Published Mar 20, 2026· Updated Mar 25, 2026

NLTK has unauthenticated remote shutdown in nltk.app.wordnet_app

CVE-2026-33231

Description

NLTK (Natural Language Toolkit) is a suite of open source Python modules, data sets, and tutorials supporting research and development in Natural Language Processing. In versions 3.9.3 and prior, nltk.app.wordnet_app allows unauthenticated remote shutdown of the local WordNet Browser HTTP server when it is started in its default mode. A simple GET /SHUTDOWN%20THE%20SERVER request causes the process to terminate immediately via os._exit(0), resulting in a denial of service. Commit bbaae83db86a0f49e00f5b0db44a7254c268de9b patches the issue.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
nltkPyPI
< 3.9.43.9.4

Affected products

19

Patches

Vulnerability mechanics

References

4

News mentions

0

No linked articles in our index yet.