PT-2026-36635 · Apache · Apache Opennlp

Subramanian S · Published 2026-05-02 · Updated 2026-05-12 · CVE-2026-40682
CVSS v3.1 9.1 Critical
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions:
Apache OpenNLP versions prior to 2.5.9
Apache OpenNLP versions prior to 3.0.0-M3
Description: The DictionaryEntryPersistor class initializes a static SAXParserFactory without enabling XMLConstants.FEATURE_SECURE_PROCESSING or disabling DTD processing. When the create(InputStream, EntryInserter) method is invoked, external entity resolution and DOCTYPE declarations remain enabled. An attacker who supplies a crafted dictionary file containing a malicious DOCTYPE declaration can trigger local file disclosure through file:// entity references, or server-side request forgery (SSRF, in which the attacker forces the server to make requests to a location of the attacker's choosing) through http:// entity references, during SAX parsing. The Dictionary(InputStream) constructor, which is the documented API for loading user-supplied dictionaries, delegates directly to this method, so any application that loads a dictionary from an untrusted source is exposed.
Recommendations: Upgrade to version 2.5.9 (2.x users) or 3.0.0-M3 (3.x users). Ensure all dictionary files are sourced from trusted origins. Where an upgrade is not yet possible, reject any XML that contains a DOCTYPE declaration before it reaches the Dictionary(InputStream) constructor; perform that check on the raw bytes, before any XML parsing, because the parser itself is the component that resolves the external entities.
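The following is an added example, not code from this advisory or from the Apache OpenNLP project. It places the unhardened SAXParserFactory pattern the description attributes to DictionaryEntryPersistor next to a hardened factory, and implements the pre-parse DOCTYPE rejection from the recommendations. The dictionary document is constructed for the demonstration (it follows the public OpenNLP dictionary layout of dictionary/entry/token elements, but is not a real dictionary), the target path /etc/hostname is an assumption chosen because it is world-readable on most Linux hosts, and the TokenCollector handler is a stand-in for the real loader, not OpenNLP's EntryInserter.

```java
import java.io.ByteArrayInputStream;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.util.Locale;
import javax.xml.XMLConstants;
import javax.xml.parsers.SAXParser;
import javax.xml.parsers.SAXParserFactory;
import org.xml.sax.Attributes;
import org.xml.sax.InputSource;
import org.xml.sax.SAXException;
import org.xml.sax.helpers.DefaultHandler;

public class DictionaryXxeDemo {

    // Constructed sample: a dictionary whose DOCTYPE declares an external entity
    // that points at a local file. A parser with DTD processing enabled expands
    // &xxe; and the file contents land inside the token text.
    static final String MALICIOUS_DICTIONARY =
        "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n"
      + "<!DOCTYPE dictionary [\n"
      + "  <!ENTITY xxe SYSTEM \"file:///etc/hostname\">\n"   // assumed path
      + "]>\n"
      + "<dictionary case_sensitive=\"false\">\n"
      + "  <entry><token>&xxe;</token></entry>\n"
      + "</dictionary>\n";

    // The affected pattern: a factory left at its defaults, so DOCTYPE
    // declarations and external entity resolution stay enabled.
    static SAXParserFactory unsafeFactory() {
        return SAXParserFactory.newInstance();
    }

    // Hardened factory: secure processing on, DOCTYPE rejected outright, and
    // external entities and external DTD loading switched off as defense in depth.
    static SAXParserFactory hardenedFactory() throws Exception {
        SAXParserFactory f = SAXParserFactory.newInstance();
        f.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        f.setFeature("http://xml.org/sax/features/external-general-entities", false);
        f.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
        f.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
        f.setXIncludeAware(false);
        return f;
    }

    // Stand-in for the dictionary loader: collects the text of each <token>.
    static final class TokenCollector extends DefaultHandler {
        final StringBuilder tokens = new StringBuilder();
        boolean inToken;
        @Override public void startElement(String uri, String local, String qName, Attributes atts) {
            inToken = "token".equals(qName);
        }
        @Override public void endElement(String uri, String local, String qName) {
            if ("token".equals(qName)) { tokens.append('\n'); inToken = false; }
        }
        @Override public void characters(char[] ch, int start, int len) {
            if (inToken) tokens.append(ch, start, len);   // may arrive in several chunks
        }
    }

    static String parse(SAXParserFactory factory, InputStream in) throws Exception {
        SAXParser parser = factory.newSAXParser();
        TokenCollector handler = new TokenCollector();
        parser.parse(new InputSource(in), handler);
        return handler.tokens.toString().trim();
    }

    // Pre-parse guard from the advisory's recommendations: look for a DOCTYPE in
    // the raw bytes before the document reaches any XML parser. The scan assumes
    // an ASCII-compatible encoding (UTF-8, ISO-8859-1); see the note below.
    static boolean containsDoctype(byte[] xml) {
        String head = new String(xml, StandardCharsets.ISO_8859_1).toUpperCase(Locale.ROOT);
        return head.contains("<!DOCTYPE");
    }

    public static void main(String[] args) throws Exception {
        byte[] bytes = MALICIOUS_DICTIONARY.getBytes(StandardCharsets.UTF_8);
        System.out.println("DOCTYPE present in input: " + containsDoctype(bytes));

        // Default factory: the entity is expanded and the file contents are disclosed.
        try {
            System.out.println("unsafe parser token text: " + parse(unsafeFactory(), new ByteArrayInputStream(bytes)));
        } catch (Exception e) {
            System.out.println("unsafe parser failed (is the assumed file readable here?): " + e);
        }

        // Hardened factory: the DOCTYPE itself is rejected, before any entity is resolved.
        try {
            parse(hardenedFactory(), new ByteArrayInputStream(bytes));
            System.out.println("hardened parser accepted the document (unexpected)");
        } catch (SAXException e) {
            System.out.println("hardened parser rejected the document: " + e.getMessage());
        }
    }
}
```

Run with `javac DictionaryXxeDemo.java && java DictionaryXxeDemo`. Two caveats a practitioner should keep in mind: the byte-level DOCTYPE scan only works for ASCII-compatible encodings (a UTF-16 document carries no contiguous `<!DOCTYPE` byte sequence), so it is a stopgap for callers who cannot upgrade, not a substitute for the hardened factory; and which of the listed features a given SAX implementation honours varies, so a parser that throws SAXNotRecognizedException on one of them should be treated as unhardened rather than silently tolerated.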

Fix

XXE


Weakness Enumeration

Related Identifiers

CVE-2026-40682
GHSA-4V8G-86X5-3VRC

Affected Products

Apache Opennlp