High severityNVD Advisory· Published Mar 20, 2026· Updated Mar 25, 2026
NLTK has unauthenticated remote shutdown in nltk.app.wordnet_app
CVE-2026-33231
Description
NLTK (Natural Language Toolkit) is a suite of open source Python modules, data sets, and tutorials supporting research and development in Natural Language Processing. In versions 3.9.3 and prior, nltk.app.wordnet_app allows unauthenticated remote shutdown of the local WordNet Browser HTTP server when it is started in its default mode. A simple GET /SHUTDOWN%20THE%20SERVER request causes the process to terminate immediately via os._exit(0), resulting in a denial of service. Commit bbaae83db86a0f49e00f5b0db44a7254c268de9b patches the issue.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
nltkPyPI | < 3.9.4 | 3.9.4 |
Affected products
19- osv-coords18 versionspkg:apk/chainguard/apache-beam-python-3.11-sdkpkg:apk/chainguard/apache-beam-python-3.12-sdkpkg:apk/chainguard/apache-beam-python-3.13-sdkpkg:apk/chainguard/kubeflow-pipelines-visualization-serverpkg:apk/chainguard/label-studiopkg:apk/chainguard/nemopkg:apk/chainguard/open-webuipkg:apk/chainguard/py3.11-nltkpkg:apk/chainguard/py3.12-nltkpkg:apk/chainguard/py3.13-nltkpkg:apk/chainguard/py3-nltkpkg:apk/wolfi/kubeflow-pipelines-visualization-serverpkg:apk/wolfi/open-webuipkg:apk/wolfi/py3.11-nltkpkg:apk/wolfi/py3.12-nltkpkg:apk/wolfi/py3.13-nltkpkg:apk/wolfi/py3-nltkpkg:pypi/nltk
< 2.71.0-r8+ 17 more
- (no CPE)range: < 2.71.0-r8
- (no CPE)range: < 2.71.0-r2
- (no CPE)range: < 2.71.0-r2
- (no CPE)range: < 2.16.0-r3
- (no CPE)range: < 1.23.0-r1
- (no CPE)range: < 2.7.2-r1
- (no CPE)range: < 0.8.12-r2
- (no CPE)range: < 3.9.4-r0
- (no CPE)range: < 3.9.4-r0
- (no CPE)range: < 3.9.4-r0
- (no CPE)range: < 3.9.4-r0
- (no CPE)range: < 2.16.0-r3
- (no CPE)range: < 0.8.12-r2
- (no CPE)range: < 3.9.4-r0
- (no CPE)range: < 3.9.4-r0
- (no CPE)range: < 3.9.4-r0
- (no CPE)range: < 3.9.4-r0
- (no CPE)range: < 3.9.4
Patches
Vulnerability mechanics
References
4- github.com/advisories/GHSA-jm6w-m3j8-898gghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2026-33231ghsaADVISORY
- github.com/nltk/nltk/commit/bbaae83db86a0f49e00f5b0db44a7254c268de9bghsax_refsource_MISCWEB
- github.com/nltk/nltk/security/advisories/GHSA-jm6w-m3j8-898gghsax_refsource_CONFIRMWEB
News mentions
0No linked articles in our index yet.