2449836 – (CVE-2026-33231) CVE-2026-33231 nltk: NLTK: Denial of Service via unauthenticated remote shutdown

Bug 2449836 (CVE-2026-33231) - CVE-2026-33231 nltk: NLTK: Denial of Service via unauthenticated remote shutdown

Summary: CVE-2026-33231 nltk: NLTK: Denial of Service via unauthenticated remote shutdown

Keywords:
Status:	NEW
Alias:	CVE-2026-33231
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	high
Severity:	high
Target Milestone:	---
Assignee:	Product Security DevOps Team
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2026-03-20 23:03 UTC by OSIDB Bzimport
Modified:	2026-03-23 06:38 UTC (History)
CC List:	27 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description OSIDB Bzimport 2026-03-20 23:03:01 UTC

NLTK (Natural Language Toolkit) is a suite of open source Python modules, data sets, and tutorials supporting research and development in Natural Language Processing. In versions 3.9.3 and prior, `nltk.app.wordnet_app` allows unauthenticated remote shutdown of the local WordNet Browser HTTP server when it is started in its default mode. A simple `GET /SHUTDOWN%20THE%20SERVER` request causes the process to terminate immediately via `os._exit(0)`, resulting in a denial of service. Commit bbaae83db86a0f49e00f5b0db44a7254c268de9b patches the issue.

Note You need to log in before you can comment on or make changes to this bug.

anpicker
bparees
dschmidt
ebourniv
erezende
hasun
jfula
jkoehler
jlanda
jowilson
jwong
kshier
lgallett
lphiri
nyancey
omaciel
ometelka
ptisnovs
sbunciak
simaishi
smcdonal
stcannon
syedriko
teagle
ttakamiy
xdharmai
yguenane