CVE-2026-43825 (GCVE-0-2026-43825)
Vulnerability from cvelistv5 – Published: 2026-07-06 15:42 – Updated: 2026-07-06 19:12
VLAI
Title
Apache OpenNLP :: Core :: ML :: LibSVM: Unsafe Java Deserialization in SvmDoccatModel
Summary
Untrusted Java Deserialization in Apache OpenNLP SvmDoccatModel
Versions Affected:
before 3.0.0-M4 (libsvm document categorization module; introduced in
OPENNLP-1808 and only present on the 3.x line)
Description:
SvmDoccatModel.deserialize(InputStream) reads an attacker-controlled
stream with java.io.ObjectInputStream and calls readObject() without an
ObjectInputFilter installed. ObjectInputStream materialises every class
referenced in the stream before the resulting object is cast to
SvmDoccatModel, so the cast that follows readObject() executes only
after the foreign object graph has already been deserialised in full.
If a Java deserialization gadget chain is available on the consumer's
classpath, a crafted payload supplied to
deserialize() executes arbitrary code in the JVM that loads it. Apache
OpenNLP itself does not ship a known gadget chain, so the realistic
risk is to downstream applications that embed the libsvm module
alongside vulnerable transitive dependencies. The method is public and
static, so any caller can pass an untrusted stream to it directly.
The practical impact is remote code execution against processes that
load SvmDoccatModel instances from untrusted or semi-trusted origins.
Mitigation:
3.x users should upgrade to 3.0.0-M4.
Users who cannot upgrade immediately should treat all serialized
SvmDoccatModel streams as untrusted input unless their provenance is
verified, and should avoid invoking SvmDoccatModel.deserialize() on
streams supplied by end users or fetched from third-party sources
without integrity checks.
Severity
7.3 (High)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-502 - Deserialization of Untrusted Data
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://lists.apache.org/thread/c7kom0pgk9cbpfnbo… | vendor-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Apache Software Foundation | Apache OpenNLP :: Core :: ML :: LibSVM |
Affected:
3.0.0-M1 , < 3.0.0-M4
(semver)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-43825",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-06T19:11:49.058504Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-06T19:12:08.131Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://repo.maven.apache.org/maven2",
"defaultStatus": "unaffected",
"packageName": "org.apache.opennlp:opennlp-ml-libsvm",
"product": "Apache OpenNLP :: Core :: ML :: LibSVM",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThan": "3.0.0-M4",
"status": "affected",
"version": "3.0.0-M1",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Subramanian S"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cb\u003eUntrusted Java Deserialization in Apache OpenNLP SvmDoccatModel\u003c/b\u003e\u003cbr\u003e\u003cbr\u003e\u003cb\u003eVersions Affected:\u003c/b\u003e\u003cbr\u003e\u0026nbsp; before 3.0.0-M4 (libsvm document categorization module; introduced in\u003cbr\u003e\u0026nbsp; OPENNLP-1808 and only present on the 3.x line)\u003cbr\u003e\u003cbr\u003e\u003cb\u003eDescription:\u003c/b\u003e\u003cbr\u003eSvmDoccatModel.deserialize(InputStream) reads an attacker-controlled\u003cbr\u003estream with java.io.ObjectInputStream and calls readObject() without an\u003cbr\u003eObjectInputFilter installed. ObjectInputStream materialises every class\u003cbr\u003ereferenced in the stream before the resulting object is cast to\u003cbr\u003eSvmDoccatModel, so the cast that follows readObject() executes only\u003cbr\u003eafter the foreign object graph has already been deserialised in full.\u003cbr\u003e\u003cbr\u003eIf a Java deserialization gadget chain is available on the consumer\u0027s\u003cbr\u003eclasspath, a crafted payload supplied to\u003cbr\u003edeserialize() executes arbitrary code in the JVM that loads it. Apache\u003cbr\u003eOpenNLP itself does not ship a known gadget chain, so the realistic\u003cbr\u003erisk is to downstream applications that embed the libsvm module\u003cbr\u003ealongside vulnerable transitive dependencies. The method is public and\u003cbr\u003estatic, so any caller can pass an untrusted stream to it directly.\u003cbr\u003e\u003cbr\u003eThe practical impact is remote code execution against processes that\u003cbr\u003eload SvmDoccatModel instances from untrusted or semi-trusted origins.\u003cbr\u003e\u003cbr\u003e\u003cb\u003eMitigation:\u003c/b\u003e\u003cbr\u003e\u003cbr\u003e3.x users should upgrade to 3.0.0-M4.\u003cbr\u003e\u003cbr\u003eUsers who cannot upgrade immediately should treat all serialized\u003cbr\u003eSvmDoccatModel streams as untrusted input unless their provenance is\u003cbr\u003everified, and should avoid invoking SvmDoccatModel.deserialize() on\u003cbr\u003estreams supplied by end users or fetched from third-party sources\u003cbr\u003ewithout integrity checks.\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "Untrusted Java Deserialization in Apache OpenNLP SvmDoccatModel\n\nVersions Affected:\n\u00a0 before 3.0.0-M4 (libsvm document categorization module; introduced in\n\u00a0 OPENNLP-1808 and only present on the 3.x line)\n\nDescription:\nSvmDoccatModel.deserialize(InputStream) reads an attacker-controlled\nstream with java.io.ObjectInputStream and calls readObject() without an\nObjectInputFilter installed. ObjectInputStream materialises every class\nreferenced in the stream before the resulting object is cast to\nSvmDoccatModel, so the cast that follows readObject() executes only\nafter the foreign object graph has already been deserialised in full.\n\nIf a Java deserialization gadget chain is available on the consumer\u0027s\nclasspath, a crafted payload supplied to\ndeserialize() executes arbitrary code in the JVM that loads it. Apache\nOpenNLP itself does not ship a known gadget chain, so the realistic\nrisk is to downstream applications that embed the libsvm module\nalongside vulnerable transitive dependencies. The method is public and\nstatic, so any caller can pass an untrusted stream to it directly.\n\nThe practical impact is remote code execution against processes that\nload SvmDoccatModel instances from untrusted or semi-trusted origins.\n\nMitigation:\n\n3.x users should upgrade to 3.0.0-M4.\n\nUsers who cannot upgrade immediately should treat all serialized\nSvmDoccatModel streams as untrusted input unless their provenance is\nverified, and should avoid invoking SvmDoccatModel.deserialize() on\nstreams supplied by end users or fetched from third-party sources\nwithout integrity checks."
}
],
"metrics": [
{
"other": {
"content": {
"text": "moderate"
},
"type": "Textual description of severity"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502 Deserialization of Untrusted Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-06T15:42:04.928Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://lists.apache.org/thread/c7kom0pgk9cbpfnbooh5m3g85ndf50hn"
}
],
"source": {
"defect": [
"OPENNLP-1823"
],
"discovery": "EXTERNAL"
},
"title": "Apache OpenNLP :: Core :: ML :: LibSVM: Unsafe Java Deserialization in SvmDoccatModel",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2026-43825",
"datePublished": "2026-07-06T15:42:04.928Z",
"dateReserved": "2026-05-02T08:57:20.984Z",
"dateUpdated": "2026-07-06T19:12:08.131Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2026-43825\",\"sourceIdentifier\":\"security@apache.org\",\"published\":\"2026-07-06T17:16:31.570\",\"lastModified\":\"2026-07-06T20:16:33.393\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Untrusted Java Deserialization in Apache OpenNLP SvmDoccatModel\\n\\nVersions Affected:\\n\u00a0 before 3.0.0-M4 (libsvm document categorization module; introduced in\\n\u00a0 OPENNLP-1808 and only present on the 3.x line)\\n\\nDescription:\\nSvmDoccatModel.deserialize(InputStream) reads an attacker-controlled\\nstream with java.io.ObjectInputStream and calls readObject() without an\\nObjectInputFilter installed. ObjectInputStream materialises every class\\nreferenced in the stream before the resulting object is cast to\\nSvmDoccatModel, so the cast that follows readObject() executes only\\nafter the foreign object graph has already been deserialised in full.\\n\\nIf a Java deserialization gadget chain is available on the consumer\u0027s\\nclasspath, a crafted payload supplied to\\ndeserialize() executes arbitrary code in the JVM that loads it. Apache\\nOpenNLP itself does not ship a known gadget chain, so the realistic\\nrisk is to downstream applications that embed the libsvm module\\nalongside vulnerable transitive dependencies. The method is public and\\nstatic, so any caller can pass an untrusted stream to it directly.\\n\\nThe practical impact is remote code execution against processes that\\nload SvmDoccatModel instances from untrusted or semi-trusted origins.\\n\\nMitigation:\\n\\n3.x users should upgrade to 3.0.0-M4.\\n\\nUsers who cannot upgrade immediately should treat all serialized\\nSvmDoccatModel streams as untrusted input unless their provenance is\\nverified, and should avoid invoking SvmDoccatModel.deserialize() on\\nstreams supplied by end users or fetched from third-party sources\\nwithout integrity checks.\"}],\"affected\":[{\"source\":\"security@apache.org\",\"affectedData\":[{\"vendor\":\"Apache Software Foundation\",\"product\":\"Apache OpenNLP :: Core :: ML :: LibSVM\",\"defaultStatus\":\"unaffected\",\"collectionURL\":\"https://repo.maven.apache.org/maven2\",\"packageName\":\"org.apache.opennlp:opennlp-ml-libsvm\",\"versions\":[{\"version\":\"3.0.0-M1\",\"lessThan\":\"3.0.0-M4\",\"versionType\":\"semver\",\"status\":\"affected\"}]}]}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L\",\"baseScore\":7.3,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":3.9,\"impactScore\":3.4}],\"ssvcV203\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"ssvcData\":{\"timestamp\":\"2026-07-06T19:11:49.058504Z\",\"id\":\"CVE-2026-43825\",\"options\":[{\"exploitation\":\"none\"},{\"automatable\":\"yes\"},{\"technicalImpact\":\"partial\"}],\"role\":\"CISA Coordinator\",\"version\":\"2.0.3\"}}]},\"weaknesses\":[{\"source\":\"security@apache.org\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-502\"}]}],\"references\":[{\"url\":\"https://lists.apache.org/thread/c7kom0pgk9cbpfnbooh5m3g85ndf50hn\",\"source\":\"security@apache.org\"}]}}"
}
}
Loading…
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…