CVE-2026-43825
- EPSS 8.79%
- Veröffentlicht 06.07.2026 15:42:04
- Zuletzt bearbeitet 08.07.2026 19:46:24
Untrusted Java Deserialization in Apache OpenNLP SvmDoccatModel Versions Affected: before 3.0.0-M4 (libsvm document categorization module; introduced in OPENNLP-1808 and only present on the 3.x line) Description: SvmDoccatModel.deserialize(Inpu...
CVE-2026-40682
- EPSS 0.52%
- Veröffentlicht 04.05.2026 16:55:55
- Zuletzt bearbeitet 30.06.2026 09:16:24
XML External Entity (XXE) via Unsanitized Dictionary Parsing in Apache OpenNLP DictionaryEntryPersistor Versions Affected: before 2.5.9, before 3.0.0-M3 Description: The DictionaryEntryPersistor class initializes a static SAXParserFactory at clas...
CVE-2026-42027
- EPSS 0.69%
- Veröffentlicht 04.05.2026 16:43:12
- Zuletzt bearbeitet 30.06.2026 09:16:24
Arbitrary Class Instantiation via Model Manifest in Apache OpenNLP ExtensionLoader Versions Affected: before 1.9.5, before 2.5.9, before 3.0.0-M3 Description: The ExtensionLoader.instantiateExtension(Class, String) method loads a class by...
CVE-2026-42440
- EPSS 0.63%
- Veröffentlicht 04.05.2026 16:40:32
- Zuletzt bearbeitet 03.07.2026 13:17:12
OOM Denial of Service via Unbounded Array Allocation in Apache OpenNLP AbstractModelReader Versions Affected: before 1.9.5 before 2.5.9 before 3.0.0-M3 Description: The AbstractModelReader methods getOutcomes(), getOutcomePatterns(), and get...
CVE-2017-12620
- EPSS 3.02%
- Veröffentlicht 03.10.2017 01:29:01
- Zuletzt bearbeitet 13.05.2026 00:24:29
When loading models or dictionaries that contain XML it is possible to perform an XXE attack, since Apache OpenNLP is a library, this only affects applications that load models or dictionaries from untrusted sources. The versions 1.5.0 to 1.5.3, 1.6....