External risk intelligence

Apache OpenNLP allows attackers to run malicious code via crafted model files

CVE advisory

Severity: CRITICAL (CVSS 9.8)

CVE-2026-42027

An external attacker can exploit a vulnerability in Apache OpenNLP by providing a malicious model file to execute unauthorized commands on your systems. This could result in the theft of sensitive business credentials or unauthorized access to internal files.

Halo Surface Signal: 2

Remote Code Execution

Apache OpenNLP

before 2.5.9 / 3.0.0

External exposure likelihood

Halo Surface Signal score for CVE-2026-42027

Apache OpenNLP is a library typically embedded in backend systems or internal data pipelines. It is not an internet-facing service, gateway, or appliance by design. Public reachability requires the specific hosting application to ingest models from untrusted external sources, which is not the standard default deployment pattern.

Horizon Alert

Summary of the vulnerability and why it matters

An issue in Apache OpenNLP's ExtensionLoader allows an attacker to run arbitrary code by providing a specially crafted model archive. This could lead to serious system compromise, as the loader executes code before verifying its type. Teams should pay close attention because this vulnerability affects how models are loaded and can be triggered by external inputs.

  • Can run unintended code.
  • Affects model loading processes.
  • Requires attacker-controlled input.

Attack Path

How an attacker could exploit the issue

An attacker can exploit this by crafting a malicious model archive. When the vulnerable OpenNLP ExtensionLoader attempts to load a model, it will instantiate any class specified in the model's manifest, triggering its static initializer. This allows arbitrary code execution if a class with malicious side effects is present on the classpath.

  • Attacker supplies model archive.
  • Static initializer executes code.
  • Targets classes on classpath.

Live Threat

Current exploitation, exposure, and threat context

This vulnerability allows arbitrary class instantiation by tricking the `ExtensionLoader` into loading and executing the static initializer of a class from a crafted model archive. While not a direct remote code execution, it enables code execution if a class with malicious side effects is present on the classpath, with a secondary vector for classes with side-effecting constructors. Exploitation is more likely in environments that load models from untrusted, community-shared sources.

  • Static initializer execution gives an attacker flexibility in which code runs.
  • Exploitation requires specific classpath conditions.
  • No known exploit code or KEV listing.

Priority actions

Operational Fix

Recommended remediation, mitigation, and detection steps

Prioritize upgrading Apache OpenNLP to versions 2.5.9 or 3.0.0-M3 to address the arbitrary class instantiation vulnerability. If immediate patching is not feasible, implement a strict allowlist for model packages.

  • Upgrade to version 2.5.9 or 3.0.0-M3.
  • Implement package allowlist before loading models.
  • Monitor for suspicious model loading activity.
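The package allowlist recommended above, applied to the manifest-driven class instantiation described under Attack Path, as an added example that is not OpenNLP's own code: it opens the model archive, reads every manifest value that looks like a fully qualified class name (not only the factory entry), and rejects the archive before any model constructor or ExtensionLoader call runs. It assumes OpenNLP models are zip archives with a `manifest.properties` entry; `com.example.nlp.` is a placeholder for your own trusted extension package.

```java
import java.io.IOException;
import java.io.InputStream;
import java.nio.file.Path;
import java.util.List;
import java.util.Properties;
import java.util.regex.Pattern;
import java.util.zip.ZipEntry;
import java.util.zip.ZipFile;

/** Pre-load allowlist check for OpenNLP model archives (added example, not project code). */
public final class ModelManifestGuard {

    // OpenNLP models are zip archives carrying a manifest.properties entry (assumed name);
    // the vulnerable loader instantiates whatever class a manifest value names.
    private static final String MANIFEST_ENTRY = "manifest.properties";

    // Matches values shaped like a fully qualified class name, e.g. opennlp.tools.x.Factory.
    private static final Pattern CLASS_NAME =
            Pattern.compile("^[a-z_$][\\w$]*(\\.[\\w$]+)*\\.[A-Z][\\w$]*$");

    // Only classes under these package prefixes may be named by a manifest;
    // com.example.nlp. stands in for your own trusted extension package (placeholder).
    private static final List<String> ALLOWED_PACKAGES =
            List.of("opennlp.tools.", "com.example.nlp.");

    private ModelManifestGuard() {}

    /** Returns the manifest when every class-like value is allowlisted; throws otherwise. */
    public static Properties checkManifest(Path modelArchive) throws IOException {
        try (ZipFile zip = new ZipFile(modelArchive.toFile())) {
            ZipEntry entry = zip.getEntry(MANIFEST_ENTRY);
            if (entry == null) {
                throw new SecurityException("model archive has no " + MANIFEST_ENTRY);
            }
            Properties manifest = new Properties();
            try (InputStream in = zip.getInputStream(entry)) {
                manifest.load(in);
            }
            for (String key : manifest.stringPropertyNames()) {
                String value = manifest.getProperty(key).trim();
                if (CLASS_NAME.matcher(value).matches() && !isAllowed(value)) {
                    throw new SecurityException(
                            "manifest key '" + key + "' names non-allowlisted class " + value);
                }
            }
            return manifest;  // safe to hand the archive to the model constructor now
        }
    }

    static boolean isAllowed(String className) {
        return ALLOWED_PACKAGES.stream().anyMatch(className::startsWith);
    }
}
```

Call `checkManifest(path)` before constructing the model from the same path; a `SecurityException` here is also a useful signal to log for the monitoring step above.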

Frequently asked questions

What is Apache OpenNLP used for?

Apache OpenNLP is a Java library that helps with natural language processing tasks. It provides tools for tasks like sentence detection, tokenization, part-of-speech tagging, and named entity extraction. These capabilities are used in applications that need to understand and process human language.

What is arbitrary class instantiation in CVE-2026-42027?

CVE-2026-42027 describes an arbitrary class instantiation vulnerability. This means an attacker can trick Apache OpenNLP's ExtensionLoader into loading and running code from a class that wasn't intended to be loaded. This happens because the loader executes code before fully verifying the class's type, specifically by running its static initializer.

How can an attacker exploit this vulnerability?

An attacker needs to provide a specially crafted model archive to the vulnerable Apache OpenNLP ExtensionLoader. If a class with malicious side effects is present on the system's classpath, the attacker can cause its static initializer to run. A secondary, narrower path exists if a class with a side-effecting no-argument constructor is present and named in a malicious manifest.

Who needs to care about this Apache OpenNLP vulnerability?

Teams running Apache OpenNLP should care, especially if their applications load models from potentially untrusted sources, such as community model repositories. The Halo Surface Signal indicates this vulnerability is unlikely to be directly exposed to the internet but could be relevant if internal systems process external model files.

What is the first step to address this CVE?

The primary action is to upgrade Apache OpenNLP. Users of the 2.x versions should move to 2.5.9, and users of the 3.x versions should upgrade to 3.0.0-M3. If immediate upgrading is not possible, a package allowlist should be implemented before loading models.
