Security update for python-nltk
This update for python-nltk fixes the following issues:
- CVE-2026-33230: reflected cross-site scripting issue in the `lookup_...`
route (boo#1260066)
- CVE-2026-33231: unauthenticated remote shutdown of the local WordNet Browser
HTTP server when it is started in its default mode (boo#1260067)
- CVE-2026-33236: Attackers can control a remote XML index server to provide
malicious values containing path traversal sequences (boo#1260068)
-
Submitted by
Nico Krapp (nkrapp)
Fixed bugs
bnc#1260068
VUL-0: CVE-2026-33236: python-nltk: Attackers can control a remote XML index server to provide malicious values containing path traversal sequences
bnc#1260067
VUL-0: CVE-2026-33231: python-nltk: unauthenticated remote shutdown of the local WordNet Browser HTTP server when it is started in its default mode
bnc#1260066
VUL-0: CVE-2026-33230: python-nltk: reflected cross-site scripting issue in the `lookup_...` route
