CVE-2026-40682 [Critical] | Input Validation Bypass in Opennlp

XML External Entity (XXE) via Unsanitized Dictionary Parsing in Apache OpenNLP DictionaryEntryPersistor Versions Affected: before 2.5.9, before 3.0.0-M3 Description: The DictionaryEntryPersistor class initializes a static SAXParserFactory at class-load time without enabling FEATURE_SECURE_PROCESSING or disabling DTD processing. When create(InputStream, EntryInserter) is invoked, the only feature set on the XMLReader is namespace support — external entity resolution and DOCTYPE declarations remain fully enabled. An attacker who can supply a crafted dictionary file (e.g., a stop-word list or domain dictionary) containing a malicious DOCTYPE declaration can trigger local file disclosure via file:// entity references or server-side request forgery via http:// entity references during SAX parsing, before the application processes a single dictionary entry. This is inconsistent with the project's own XmlUtil.createSaxParser() helper, which correctly sets FEATURE_SECURE_PROCESSING and disallow-doctype-decl and is used by all other XML parsing paths in the codebase. The public Dictionary(InputStream) constructor delegates directly to this method and is the documented API for loading user-supplied dictionaries, making untrusted input a realistic scenario. Mitigation: 2.x users should upgrade to 2.5.9. 3.x users should upgrade to 3.0.0-M3. Users who cannot upgrade immediately should ensure that all dictionary files are sourced from trusted origins and should consider wrapping the Dictionary(InputStream) constructor with input validation that rejects any XML containing a DOCTYPE declaration before it reaches the parser.

#	Date	Old EPSS score	New EPSS score	Delta (New - Old)
1	2026-06-15	0.09%	0.40%	+0.32%
2	2026-05-07	0.03%	0.09%	+0.06%
3	2026-05-05	—	0.03%	—

Date

Old EPSS score

New EPSS score

Delta (New - Old)

2026-06-15

0.09%

0.40%

+0.32%

2026-05-07

0.03%

0.09%

+0.06%

2026-05-05

—

0.03%

—

Base score	Version	Severity	Vector	Exploitability	Impact	Score source
9.1	3.1	CRITICAL	`CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N` Click to expand Attack vector (AV:N) Could be attacked over the internet or any normal routed network—not just someone sitting at the machine. Attack complexity (AC:L) Once they can reach the bug, pulling it off is straightforward—no weird race conditions or rare setup. Privileges required (PR:N) No account or special rights needed—anonymous or random user is enough. User interaction (UI:N) Nobody has to click “OK” or open a trap file; it can work without a victim helping. Scope (S:U) Damage stays in the same “trust bubble” as the broken component—no big spill into unrelated systems. Confidentiality (C:H) Serious risk that confidential data gets exposed in a big way. Integrity (I:H) They could widely tamper with or forge data—trust in the data is badly hurt. Availability (A:N) Service keeps running; no real outage angle.	3.9	5.2	134c704f-9b21-4f2e-91b3-4a467353bcc0

Base score

Version

Severity

Vector

Exploitability

Impact

Score source

9.1

3.1

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N Click to expand

Attack vector (AV:N): Could be attacked over the internet or any normal routed network—not just someone sitting at the machine.
Attack complexity (AC:L): Once they can reach the bug, pulling it off is straightforward—no weird race conditions or rare setup.
Privileges required (PR:N): No account or special rights needed—anonymous or random user is enough.
User interaction (UI:N): Nobody has to click “OK” or open a trap file; it can work without a victim helping.
Scope (S:U): Damage stays in the same “trust bubble” as the broken component—no big spill into unrelated systems.
Confidentiality (C:H): Serious risk that confidential data gets exposed in a big way.
Integrity (I:H): They could widely tamper with or forge data—trust in the data is badly hurt.
Availability (A:N): Service keeps running; no real outage angle.

3.9

5.2

134c704f-9b21-4f2e-91b3-4a467353bcc0

OS Trackers for CVE-2026-40682

vendor	priority	summary	link
`debian`	not yet assigned	CVE-2026-40682 not yet assigned priority: Debian including 1 source packages (apache-opennlp), 5 status rows across 5 suites (bookworm, bullseye, forky, sid, trixie): open 3, resolved 2.	https://security-tracker.debian.org/tracker/CVE-2026-40682
`ubuntu`	medium	CVE-2026-40682 medium priority: Ubuntu including 1 source packages (apache-opennlp), 6 status rows across 6 suites (focal, jammy, noble, questing, resolute, upstream): needs-triage 6.	https://ubuntu.com/security/CVE-2026-40682

Affected software / configurations for CVE-2026-40682

Vendor	Product	Version	Raw CPE
apache	opennlp	< 2.5.9	cpe:2.3:a:apache:opennlp::::::::
apache	opennlp	3.0.0	cpe:2.3:a:apache:opennlp:3.0.0:m1::::::
apache	opennlp	3.0.0	cpe:2.3:a:apache:opennlp:3.0.0:m2::::::

References for CVE-2026-40682

URL	Tags
https://lists.apache.org/thread/r6jpt0qr9nj67gqhppqg7jxf8vsbo0w6	Mailing List Vendor Advisory
http://www.openwall.com/lists/oss-security/2026/05/01/19	Mailing List Third Party Advisory

URL

CVE-2026-40682 | Apache OpenNLP: XXE via Dictionary Parsing in DictionaryEntryPersistor

Exploit prediction scoring system (EPSS) score for CVE-2026-40682

Common vulnerability scoring system (CVSS) metrics for CVE-2026-40682

Weakness enumeration for CVE-2026-40682

GitHub Security Advisory for CVE-2026-40682

OS Trackers for CVE-2026-40682

Affected software / configurations for CVE-2026-40682

References for CVE-2026-40682