Skip to main content

Apache OpenNLP CVE-2026-40682

| EUVDEUVD-2026-27003 CRITICAL
Improper Restriction of XML External Entity Reference (CWE-611)
2026-05-04 apache GHSA-4v8g-86x5-3vrc
9.1
CVSS 3.1 · Vendor: apache
Share

Severity by source

Vendor (apache) PRIMARY
9.1 CRITICAL
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
SUSE
CRITICAL
qualitative
Red Hat
7.5 HIGH
qualitative

Primary rating from Vendor (apache).

CVSS VectorVendor: apache

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
None

Lifecycle Timeline

6
Analysis Generated
May 05, 2026 - 16:23 vuln.today
CVSS changed
May 05, 2026 - 16:22 NVD
9.1 (CRITICAL)
Patch available
May 04, 2026 - 18:32 EUVD
Patch released
May 04, 2026 - 18:16 nvd
Patch available
EUVD ID Assigned
May 04, 2026 - 17:15 euvd
EUVD-2026-27003
CVE Published
May 04, 2026 - 16:55 nvd
N/A

Blast Radius

ecosystem impact
† from your stack dependencies † transitive graph · vuln.today resolves 4-path depth
  • 1 maven packages depend on org.apache.opennlp:opennlp-tools (1 direct, 0 indirect)

Ecosystem-wide dependent count for version 3.0.0-M1.

DescriptionCVE.org

XML External Entity (XXE) via Unsanitized Dictionary Parsing in Apache OpenNLP DictionaryEntryPersistor

Versions Affected: before 2.5.9, before 3.0.0-M3

Description: The DictionaryEntryPersistor class initializes a static SAXParserFactory at class-load time without enabling FEATURE_SECURE_PROCESSING or disabling DTD processing. When create(InputStream, EntryInserter) is invoked, the only feature set on the XMLReader is namespace support - external entity resolution and DOCTYPE declarations remain fully enabled. An attacker who can supply a crafted dictionary file (e.g., a stop-word list or domain dictionary) containing a malicious DOCTYPE declaration can trigger local file disclosure via file:// entity references or server-side request forgery via http:// entity references during SAX parsing, before the application processes a single dictionary entry. This is inconsistent with the project's own XmlUtil.createSaxParser() helper, which correctly sets FEATURE_SECURE_PROCESSING and disallow-doctype-decl and is used by all other XML parsing paths in the codebase. The public Dictionary(InputStream) constructor delegates directly to this method and is the documented API for loading user-supplied dictionaries, making untrusted input a realistic scenario.

Mitigation: 2.x users should upgrade to 2.5.9. 3.x users should upgrade to 3.0.0-M3. Users who cannot upgrade immediately should ensure that all dictionary files are sourced from trusted origins and should consider wrapping the Dictionary(InputStream) constructor with input validation that rejects any XML containing a DOCTYPE declaration before it reaches the parser.

AnalysisAI

XML External Entity injection in Apache OpenNLP's DictionaryEntryPersistor allows remote unauthenticated attackers to disclose local files or perform server-side request forgery when processing untrusted dictionary files. The vulnerable SAX parser initialization omits critical security features (FEATURE_SECURE_PROCESSING, DTD disablement) present elsewhere in the codebase, creating an inconsistency exploitable via the public Dictionary(InputStream) API when loading stop-word lists or domain dictionaries. With EPSS at 0.03% (8th percentile) and no active exploitation reported, this represents a code-quality issue in a specific input path rather than an imminent widespread threat, though the CVSS 9.1 reflects maximum theoretical impact given the network-accessible, unauthenticated attack vector.

Technical ContextAI

Apache OpenNLP is a natural language processing toolkit. The DictionaryEntryPersistor class uses Java's SAXParserFactory for XML parsing but fails to configure XXE protections at class initialization. Standard XXE defenses require setting FEATURE_SECURE_PROCESSING (javax.xml.XMLConstants) and explicitly disabling external general entities, external parameter entities, and DOCTYPE declarations. OpenNLP's own XmlUtil.createSaxParser() helper implements these protections correctly and is used throughout the codebase, but DictionaryEntryPersistor bypasses it with a static factory that only enables namespace support. This creates CWE-611 (Improper Restriction of XML External Entity Reference) where malicious DOCTYPE declarations in dictionary files trigger entity expansion during SAX parsing. The affected component is cpe:2.3:a:apache_software_foundation:apache_opennlp across 2.x (pre-2.5.9) and 3.x (pre-3.0.0-M3) branches. Dictionary files are XML-formatted resources commonly loaded from user-controlled sources in NLP workflows, making untrusted input a realistic threat model.

RemediationAI

Vendor-released patches: Apache OpenNLP 2.5.9 for 2.x users and 3.0.0-M3 for 3.x users eliminate the vulnerability by correctly configuring SAX parser security features in DictionaryEntryPersistor. Download from official Apache distribution channels and verify release signatures per Apache security procedures (https://lists.apache.org/thread/r6jpt0qr9nj67gqhppqg7jxf8vsbo0w6). For users unable to upgrade immediately, implement pre-parse input validation rejecting any XML containing DOCTYPE declarations before passing to Dictionary(InputStream) constructor. Example compensating control: wrap InputStream in filtering layer that scans first 2KB for '<!DOCTYPE' substring and rejects if present (trade-off: potential false positives with legitimate comments, adds parsing overhead, does not protect against future XML injection variants). Stronger alternative: restrict dictionary file sources to administrator-controlled file paths with integrity verification via cryptographic signatures, preventing untrusted input from reaching the parser entirely (trade-off: reduces flexibility for dynamic dictionary loading in multi-tenant environments). Temporary workaround does not address root cause and should be replaced with vendor patch within standard change-control windows.

Vendor StatusVendor

SUSE

Severity: Critical

Share

CVE-2026-40682 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy