ChatterBot versions up to 1.2.10 are vulnerable to a denial-of-service condition caused by improper database session and connection pool management. Concurrent invocations of the get_response() method can exhaust the underlying SQLAlchemy connection pool, resulting in persistent service unavailability and requiring a manual restart to recover.
ChatterBot relies on SQLAlchemy for database access and uses a connection pool with default limits. The get_response() method does not enforce concurrency limits, rate limiting, or explicit session lifecycle controls.
When multiple threads concurrently invoke get_response(), database connections are rapidly consumed and not released in a timely manner. This leads to exhaustion of the SQLAlchemy QueuePool, causing subsequent requests to block and eventually fail with a TimeoutError.
This issue can be triggered without authentication in deployments where ChatterBot is exposed as a chatbot service, making it exploitable by remote attackers to cause denial of service.
PoC Video:
https://github.com/user-attachments/assets/4ee845c4-b847-4854-84ec-4b2fb2f7090f
from chatterbot import ChatBot
import threading
bot = ChatBot("dos-test")
def attack():
bot.get_response("hello")
threads = []
for _ in range(30):
t = threading.Thread(target=attack)
t.start()
threads.append(t)
for t in threads:
t.join()
This vulnerability allows an attacker to trigger a denial-of-service condition by exhausting the database connection pool. Once triggered, the chatbot becomes unresponsive to legitimate users and requires a manual restart to restore functionality.
All deployments of ChatterBot version 1.2.10 or earlier that allow concurrent access to the get_response() method are impacted.
| Score | Percentile |
|---|---|
| 0.03% | 9.87% |
| Base score | Version | Severity | Vector |
|---|---|---|---|
| 7.5 | 3.1 | — |
|
| Type | Value |
|---|---|
| GHSA | GHSA-v4w8-49pv-mf72 ↗ |
| CVE | CVE-2026-23842 ↗ |
| CWE id | Name |
|---|---|
| CWE-400 | Uncontrolled Resource Consumption |
Vulnerable version ranges and first patched releases as published by GitHub.
| Ecosystem | Package | Vulnerable range | First patched | Vulnerable functions |
|---|---|---|---|---|
| pip | chatterbot | <= 1.2.10 | 1.2.11 | — |