Skip to main content

NLTK EUVDEUVD-2026-37569

| CVE-2026-12199 HIGH
Missing Authentication for Critical Function (CWE-306)
2026-06-17 @huntr_ai
7.5
CVSS 3.0 · Vendor: huntr_ai
Share

Severity by source

Vendor (huntr_ai) PRIMARY
7.5 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
vuln.today AI
7.5 HIGH

Unauthenticated network GET to a fixed path triggers immediate process termination with no user interaction; pure availability impact, no confidentiality or integrity effect.

3.1 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
4.0 AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
Red Hat
6.5 MEDIUM
qualitative

Primary rating from Vendor (huntr_ai).

CVSS VectorVendor: huntr_ai

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

1
Analysis Generated
Jun 17, 2026 - 08:23 vuln.today

DescriptionCVE.org

A vulnerability in nltk.app.wordnet_app up to version 3.9.3 allows unauthenticated remote shutdown of the local WordNet Browser HTTP server when started in its default mode. The server listens on all interfaces and processes a specific unauthenticated GET request (/SHUTDOWN%20THE%20SERVER) to terminate the process immediately via os._exit(0). This results in a denial of service, impacting service availability. The issue arises due to insufficient authentication and protection mechanisms for critical server functions.

AnalysisAI

Unauthenticated remote denial of service in NLTK's WordNet Browser HTTP server (nltk.app.wordnet_app) through version 3.9.3 allows any network-reachable attacker to terminate the server process by sending a single GET request to /SHUTDOWN%20THE%20SERVER. The server binds to all interfaces by default and invokes os._exit(0) on receipt, with no public exploit identified at time of analysis but exploitation is trivial given the documented endpoint.

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Identify host running WordNet Browser
Delivery
Reach exposed HTTP port
Exploit
Send GET /SHUTDOWN%20THE%20SERVER
Execution
Handler invokes os._exit(0)
Impact
Service terminated, denial of service

Vulnerability AssessmentAI

Exploitation Requires that a victim has started the NLTK WordNet Browser via nltk.app.wordnet_app in its default mode, which binds the HTTP server to all interfaces (0.0.0.0), and that the attacker has network reachability to the chosen listening port. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 3.0 vector AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H accurately reflects a network-reachable, unauthenticated, trivially executed availability-only impact, scoring 7.5. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker on the same network as a researcher running the WordNet Browser issues a single HTTP request such as 'curl http://victim:port/SHUTDOWN%20THE%20SERVER', which causes the embedded server to immediately call os._exit(0) and terminate, disrupting any ongoing lexical lookups or dependent tooling. In a shared lab or container environment, repeated requests after each restart effectively prevent the service from staying available.
Remediation No vendor-released patch identified at time of analysis based on the provided data; monitor the NLTK GitHub repository and the huntr report at https://huntr.com/bounties/cee4ca6a-d17f-4746-abad-c68119633d37 for a fixed release beyond 3.9.3. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

24 hours: Inventory all systems running nltk.app.wordnet_app and determine network accessibility. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Vendor StatusVendor

Share

EUVD-2026-37569 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy