SUSE Package Hub - openSUSE-2026-98

Update Info

openSUSE-2026-98

Security update for python-nltk

Type: security

Severity: important

Issued: 2026-03-27

Description:

This update for python-nltk fixes the following issues:

- CVE-2026-33230: reflected cross-site scripting issue in the `lookup_...`
  route (boo#1260066)
- CVE-2026-33231: unauthenticated remote shutdown of the local WordNet Browser
  HTTP server when it is started in its default mode (boo#1260067)
- CVE-2026-33236: Attackers can control a remote XML index server to provide
  malicious values containing path traversal sequences (boo#1260068)

References

CVE: CVE-2026-33236
CVE: CVE-2026-33231
CVE: CVE-2026-33230
Bugzilla: 1260068 VUL-0: CVE-2026-33236: python-nltk: Attackers can control a remote XML index server to provide malicious values containing path traversal sequences
Bugzilla: 1260067 VUL-0: CVE-2026-33231: python-nltk: unauthenticated remote shutdown of the local WordNet Browser HTTP server when it is started in its default mode
Bugzilla: 1260066 VUL-0: CVE-2026-33230: python-nltk: reflected cross-site scripting issue in the `lookup_...` route

Packages

python-nltk-3.7-bp157.3.9.1