Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Unauthenticated network GET to a fixed path triggers immediate process termination with no user interaction; pure availability impact, no confidentiality or integrity effect.
Primary rating from Vendor (huntr_ai).
CVSS VectorVendor: huntr_ai
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Lifecycle Timeline
1DescriptionCVE.org
A vulnerability in nltk.app.wordnet_app up to version 3.9.3 allows unauthenticated remote shutdown of the local WordNet Browser HTTP server when started in its default mode. The server listens on all interfaces and processes a specific unauthenticated GET request (/SHUTDOWN%20THE%20SERVER) to terminate the process immediately via os._exit(0). This results in a denial of service, impacting service availability. The issue arises due to insufficient authentication and protection mechanisms for critical server functions.
AnalysisAI
Unauthenticated remote denial of service in NLTK's WordNet Browser HTTP server (nltk.app.wordnet_app) through version 3.9.3 allows any network-reachable attacker to terminate the server process by sending a single GET request to /SHUTDOWN%20THE%20SERVER. The server binds to all interfaces by default and invokes os._exit(0) on receipt, with no public exploit identified at time of analysis but exploitation is trivial given the documented endpoint.
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Requires that a victim has started the NLTK WordNet Browser via nltk.app.wordnet_app in its default mode, which binds the HTTP server to all interfaces (0.0.0.0), and that the attacker has network reachability to the chosen listening port. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS 3.0 vector AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H accurately reflects a network-reachable, unauthenticated, trivially executed availability-only impact, scoring 7.5. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker on the same network as a researcher running the WordNet Browser issues a single HTTP request such as 'curl http://victim:port/SHUTDOWN%20THE%20SERVER', which causes the embedded server to immediately call os._exit(0) and terminate, disrupting any ongoing lexical lookups or dependent tooling. In a shared lab or container environment, repeated requests after each restart effectively prevent the service from staying available. |
| Remediation | No vendor-released patch identified at time of analysis based on the provided data; monitor the NLTK GitHub repository and the huntr report at https://huntr.com/bounties/cee4ca6a-d17f-4746-abad-c68119633d37 for a fixed release beyond 3.9.3. … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
24 hours: Inventory all systems running nltk.app.wordnet_app and determine network accessibility. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
Arbitrary code execution in the NLTK Python library (nltk/nltk 3.9.3 and earlier) allows an attacker to run untrusted Ja
Arbitrary file disclosure in NLTK 3.9.4 lets remote attackers read any file accessible to the Python process by passing
Same technique Authentication Bypass
View allVendor StatusVendor
Share
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-37569