LeakyCreds

CVE-2026-0848 - Vulnerability Analysis

Critical | CVSS: 10.0

Last Updated: March 6, 2026

NLTK - Remote Code Execution

Published: March 5, 2026 | Updated: March 6, 2026 | Remote Exploitable

Overview

NLTK <= 3.9.2 contains a remote code execution vulnerability caused by improper input validation in the StanfordSegmenter module, which loads unverified Java .jar files. This lets attackers execute arbitrary Java bytecode remotely. Exploitation requires the attacker to supply or replace JAR files.

Severity & Score

Severity: Critical
CVSS Score: 10.0
EPSS Score: 48.0% (Probability of exploitation in next 30 days)

Impact

Attackers can execute arbitrary Java bytecode remotely, leading to full system compromise.

Mitigation

Update to the latest version of NLTK.

Social Media Activity (1 post)

Claudio C
@cktodon
Mar 30, 2026

How a flaw in a #Python library can compromise #AI systems (CVE-2026-0848) https://unaaldia.hispasec.com/2026/03/como-un-fallo-en-una-libreria-de-python-puede-comprometer-sistemas-de-ia-cve-2026-0848.html?utm_source=rss&amp


Details

CVE ID: CVE-2026-0848
Severity: Critical
CVSS Score: 10.0
Type: remote_code_execution
Status: new
EPSS: 48.0%
Social Posts: 1

CWE

  • CWE-20

CVSS Metrics

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

EPSS Score

48.0% (Probability of exploitation in the next 30 days)