Apache Opennlp
4 CVEs affecting Apache Opennlp. Latest disclosed: 2026-05-04. Critical: 3, High: 1.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2026-42027 | Critical | 9.8 | 2026-05-04 | Arbitrary Class Instantiation via Model Manifest in Apache OpenNLP ExtensionLoader Versions Affected: before 2.5.9, before 3.0.0-M3 Description: Th… |
CVE-2017-12620 | Critical | 9.8 | 2017-10-03 | When loading models or dictionaries that contain XML it is possible to perform an XXE attack, since Apache OpenNLP is a library, this only affects applications… |
CVE-2026-40682 | Critical | 9.1 | 2026-05-04 | XML External Entity (XXE) via Unsanitized Dictionary Parsing in Apache OpenNLP DictionaryEntryPersistor Versions Affected: before 2.5.9, before 3.0.0-M3 De… |
CVE-2026-42440 | High | 7.5 | 2026-05-04 | OOM Denial of Service via Unbounded Array Allocation in Apache OpenNLP AbstractModelReader Versions Affected: before 2.5.9 before 3.0.0-M3 Description: … |