CVE-2026-0848

CRITICAL

NLTK <=3.9.2 - Remote Code Execution via StanfordSegmenter JAR Loading

Exploitation Summary

EIP tracks 3 public exploits for CVE-2026-0848. PoCs published by fevar54, HyperPS.

Description

NLTK versions <=3.9.2 are vulnerable to arbitrary code execution due to improper input validation in the StanfordSegmenter module. The module dynamically loads external Java .jar files without verification or sandboxing. An attacker can supply or replace the JAR file, enabling the execution of arbitrary Java bytecode at import time. This vulnerability can be exploited through methods such as model poisoning, MITM attacks, or dependency poisoning, leading to remote code execution. The issue arises from the direct execution of the JAR file via subprocess with unvalidated classpath input, allowing malicious classes to execute when loaded by the JVM.
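A caller-side check for the missing verification described above, as an added example that is not code from NLTK or from the listed repositories: the JAR is copied into a private directory while being hashed, and only a copy matching a pinned SHA-256 is returned for use. The names `verified_jar_copy` and `UntrustedJarError` are hypothetical, and the pinned digest is assumed to have been recorded out of band when the artifact was vetted.

```python
import hashlib
import hmac
import os
import shutil
import tempfile
from pathlib import Path


class UntrustedJarError(Exception):
    """Raised when a JAR does not match its pinned digest."""


def verified_jar_copy(jar_path, pinned_sha256):
    """Return a private, read-only copy of jar_path if its SHA-256 equals
    pinned_sha256. The bytes are hashed as they are copied, so the file
    later given to the JVM is exactly the file that was checked."""
    src = Path(jar_path)
    if src.is_symlink() or not src.is_file():
        raise UntrustedJarError(f"{src}: not a regular file")
    private_dir = Path(tempfile.mkdtemp(prefix="verified-jar-"))  # mode 0700
    dst = private_dir / src.name
    digest = hashlib.sha256()
    with open(src, "rb") as fin, open(dst, "wb") as fout:
        for chunk in iter(lambda: fin.read(1 << 20), b""):
            digest.update(chunk)
            fout.write(chunk)
    if not hmac.compare_digest(digest.hexdigest(), pinned_sha256.lower()):
        shutil.rmtree(private_dir)
        raise UntrustedJarError(f"{src}: SHA-256 does not match pinned value")
    os.chmod(dst, 0o400)
    return dst


if __name__ == "__main__":
    # Constructed stand-in for a JAR; a real pin is a digest recorded
    # out of band, never one computed from the file being checked.
    work = Path(tempfile.mkdtemp())
    jar = work / "segmenter.jar"
    jar.write_bytes(b"PK\x03\x04 constructed sample, not a real JAR")
    pin = hashlib.sha256(jar.read_bytes()).hexdigest()
    print("verified copy:", verified_jar_copy(jar, pin))
    jar.write_bytes(b"PK\x03\x04 replaced after pinning")
    try:
        verified_jar_copy(jar, pin)
    except UntrustedJarError as exc:
        print("rejected:", exc)
```

The returned path is the one to pass explicitly as `path_to_jar`; the same check applies to every other JAR that ends up on the classpath.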

Exploits (3)

nomisec SCANNER
by fevar54 · poc
https://github.com/fevar54/CVE-2026-0848-Scanner---Herramienta-de-Detecci-n

This repository contains a scanner for detecting the presence of vulnerable NLTK installations (CVE-2026-0848) by checking file system paths, pip versions, and local system details. It does not include exploit code but identifies potential targets.

Classification: Scanner 95%
Attack Type: Other
Complexity: Moderate
Reliability: Reliable
Target: NLTK (Natural Language Toolkit) <= 3.9.2
No auth needed
Prerequisites: Access to the target system's file system or pip environment
devstral-2 · analyzed Apr 09, 2026

nomisec WORKING POC
by fevar54 · poc
https://github.com/fevar54/CVE-2026-0848-PoC-Improper-Input-Validation

This repository contains a functional exploit for CVE-2026-0848, demonstrating RCE via a malicious JAR file loaded by NLTK's StanfordSegmenter. The exploit leverages improper input validation to execute arbitrary code when the JAR is loaded.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: NLTK 3.9.2 (StanfordSegmenter)
No auth needed
Prerequisites: Python 3.8+ · Java JDK 8+ · NLTK 3.9.2
devstral-2 · analyzed Apr 09, 2026

nomisec WRITEUP
by HyperPS · poc
https://github.com/HyperPS/CVE-2026-0848

This repository provides a detailed technical analysis of CVE-2026-0848, a critical vulnerability in NLTK's StanfordSegmenter that allows arbitrary code execution via untrusted JAR loading. It includes a proof-of-concept demonstrating how a malicious JAR can be crafted and executed through NLTK's Java subprocess invocation.

Classification: Writeup 100%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: NLTK <= 3.9.2
No auth needed
Prerequisites: ability to supply or replace a JAR file used by StanfordSegmenter
devstral-2 · analyzed Apr 09, 2026

Scores

CVSS v3 10.0
EPSS 0.0031
EPSS Percentile 54.4%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact total

Details

CWE CWE-20
Status published
Products (2)
nltk/nltk < 3.9.2
nltk/nltk/nltk unspecified - latest
Published Mar 05, 2026
Tracked Since Mar 06, 2026