PT-2026-55955 · Apache · Apache Opennlp
Subramanian S
·
Published
2026-07-06
·
Updated
2026-07-06
·
CVE-2026-43825
CVSS v3.1
7.3
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L |
Name of the Vulnerable Software and Affected Versions
Apache OpenNLP versions prior to 3.0.0-M4
Description
Untrusted Java deserialization occurs in the
SvmDoccatModel.deserialize(InputStream) function. The function uses java.io.ObjectInputStream to read an attacker-controlled stream and calls readObject() without an ObjectInputFilter. Because the object graph is fully deserialized before being cast to SvmDoccatModel, an attacker can execute arbitrary code in the JVM if a deserialization gadget chain is present on the classpath. This issue primarily affects downstream applications that embed the libsvm module alongside vulnerable transitive dependencies.Recommendations
Upgrade to version 3.0.0-M4.
Avoid invoking the
SvmDoccatModel.deserialize() function on streams supplied by end users or fetched from third-party sources without integrity checks.Fix
Deserialization of Untrusted Data
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Apache Opennlp