CVE-2026-0848 - Vulnerability Analysis
Critical | CVSS: 10.0 | Last Updated: March 5, 2026
NLTK - Remote Code Execution
Published: March 5, 2026 | Updated: March 5, 2026 | Remote Exploitable
Overview
NLTK <= 3.9.2 contains a remote code execution vulnerability caused by improper input validation in the StanfordSegmenter module, which loads unverified Java .jar files. This lets attackers execute arbitrary Java bytecode remotely. Exploitation requires the attacker to supply or replace the JAR files.
Severity & Score
Severity: Critical
CVSS Score: 10.0
Impact
Attackers can execute arbitrary Java bytecode remotely, leading to full system compromise.
Mitigation
Update to the latest version of NLTK.
Details
- CVE ID: CVE-2026-0848
- Severity: Critical
- CVSS Score: 10.0
- Type: remote_code_execution
- Status: new
CWE
- CWE-20
CVSS Metrics
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H