CVE-2026-12199
Unauthenticated Denial of Service in nltk.app.wordnet_app
Description
A vulnerability in `nltk.app.wordnet_app` up to version 3.9.3 allows unauthenticated remote shutdown of the local WordNet Browser HTTP server when started in its default mode. The server listens on all interfaces and processes a specific unauthenticated GET request (`/SHUTDOWN%20THE%20SERVER`) to terminate the process immediately via `os._exit(0)`. This results in a denial of service, impacting service availability. The issue arises due to insufficient authentication and protection mechanisms for critical server functions.
INFO
Published Date :
June 17, 2026, 7:13 a.m.
Last Modified :
June 17, 2026, 7:13 a.m.
Remotely Exploit :
Yes !
Source :
@huntr_ai
CVSS Scores
| Score | Version | Severity | Vector | Exploitability Score | Impact Score | Source |
|---|---|---|---|---|---|---|
| CVSS 3.0 | HIGH | MITRE-CVE | ||||
| CVSS 3.0 | HIGH | [email protected] |
Solution
- Update nltk to version 3.9.4 or later.
- Ensure WordNet Browser is not started in default mode.
- Implement authentication for server management functions.
- Restrict server network access to trusted interfaces.
We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).
Results are limited to the first 15 repositories due to potential performance issues.
The following list is the news that have been mention
CVE-2026-12199 vulnerability anywhere in the article.