CVE-2026-12199

A vulnerability in nltk.app.wordnet app up to version 3.9.3 allows unauthenticated remote shutdown of the local WordNet Browser HTTP server when started in its default mode. The server listens on all interfaces and processes a specific unauthenticated GET request (/SHUTDOWN%20THE%20SERVER) to terminate the process immediately via os. exit(0). This results in a denial of service, impacting service availability. The issue arises due to insufficient authentication and protection mechanisms for critical server functions.