Description
Untrusted Java Deserialization in Apache OpenNLP SvmDoccatModel

Versions Affected:
  before 3.0.0-M4 (libsvm document categorization module; introduced in
  OPENNLP-1808 and only present on the 3.x line)

Description:
SvmDoccatModel.deserialize(InputStream) reads an attacker-controlled
stream with java.io.ObjectInputStream and calls readObject() without an
ObjectInputFilter installed. ObjectInputStream materialises every class
referenced in the stream before the resulting object is cast to
SvmDoccatModel, so the cast that follows readObject() executes only
after the foreign object graph has already been deserialised in full.

If a Java deserialization gadget chain is available on the consumer's
classpath, a crafted payload supplied to
deserialize() executes arbitrary code in the JVM that loads it. Apache
OpenNLP itself does not ship a known gadget chain, so the realistic
risk is to downstream applications that embed the libsvm module
alongside vulnerable transitive dependencies. The method is public and
static, so any caller can pass an untrusted stream to it directly.

The practical impact is remote code execution against processes that
load SvmDoccatModel instances from untrusted or semi-trusted origins.

Mitigation:

3.x users should upgrade to 3.0.0-M4.

Users who cannot upgrade immediately should treat all serialized
SvmDoccatModel streams as untrusted input unless their provenance is
verified, and should avoid invoking SvmDoccatModel.deserialize() on
streams supplied by end users or fetched from third-party sources
without integrity checks.
Published: 2026-07-06
Score: 7.3 High
EPSS: 4.8% Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability stems from unsafe Java deserialization in the SvmDoccatModel.deserialize method. The method reads an InputStream with java.io.ObjectInputStream and calls readObject() without installing an ObjectInputFilter. During deserialization, every class referenced in the stream is materialised before the resulting object is cast to SvmDoccatModel. If an attacker supplies a crafted serialization stream that contains a deserialization gadget chain present on the application's classpath, the chain can be executed before the casting step, yielding arbitrary code execution in the JVM that loads the model.

Affected Systems

Apache OpenNLP Core ML LibSVM from the Apache Software Foundation is affected. All releases before 3.0.0-M4 (the 3.x series) contain the unsafe deserialization point. The issue was introduced with OPENNLP‑1808 and remains until the 3.0.0‑M4 release. Applications that embed this module and load SvmDoccatModel instances from external or partially trusted sources are consequently vulnerable.

Risk and Exploitability

The CVSS score of 7.3 indicates a high severity vulnerability. The EPSS score of 5% indicates a measurable risk of exploitation in the wild, and the vulnerability is not listed in the CISA KEV catalog, suggesting limited observed exploitation. The likely attack vector is remote: a public static method can be invoked with an attacker‑controlled stream sent over a network or sourced from a malicious file. Exploitation requires a suitable gadget chain on the application's classpath; without such a chain the practical risk is confined to environments that include vulnerable transitive dependencies. Due to the absence of a filter during deserialization, any caller can trigger the vulnerability if untrusted data is deserialised.

Generated by OpenCVE AI on July 8, 2026 at 05:31 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Apache OpenNLP to version 3.0.0-M4 or newer, which removes the unsafe deserialization path.
  • If an upgrade is not immediately possible, restrict calls to SvmDoccatModel.deserialize() so that only streams with verified provenance (e.g., signed or checksummed data) are processed.
  • Implement input source validation or integrity checks for all serialized SvmDoccatModel streams before passing them to the deserialize method.
  • Eliminate or replace the vulnerable libsvm module from the classpath if it is not required for the application.

Generated by OpenCVE AI on July 8, 2026 at 05:31 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 08 Jul 2026 12:15:00 +0000

Type Values Removed Values Added
References
Metrics threat_severity

None

threat_severity

Moderate


Mon, 06 Jul 2026 23:15:00 +0000

Type Values Removed Values Added
First Time appeared Apache
Apache opennlp
Vendors & Products Apache
Apache opennlp

Mon, 06 Jul 2026 20:30:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 7.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 06 Jul 2026 16:45:00 +0000

Type Values Removed Values Added
Description Untrusted Java Deserialization in Apache OpenNLP SvmDoccatModel Versions Affected:   before 3.0.0-M4 (libsvm document categorization module; introduced in   OPENNLP-1808 and only present on the 3.x line) Description: SvmDoccatModel.deserialize(InputStream) reads an attacker-controlled stream with java.io.ObjectInputStream and calls readObject() without an ObjectInputFilter installed. ObjectInputStream materialises every class referenced in the stream before the resulting object is cast to SvmDoccatModel, so the cast that follows readObject() executes only after the foreign object graph has already been deserialised in full. If a Java deserialization gadget chain is available on the consumer's classpath, a crafted payload supplied to deserialize() executes arbitrary code in the JVM that loads it. Apache OpenNLP itself does not ship a known gadget chain, so the realistic risk is to downstream applications that embed the libsvm module alongside vulnerable transitive dependencies. The method is public and static, so any caller can pass an untrusted stream to it directly. The practical impact is remote code execution against processes that load SvmDoccatModel instances from untrusted or semi-trusted origins. Mitigation: 3.x users should upgrade to 3.0.0-M4. Users who cannot upgrade immediately should treat all serialized SvmDoccatModel streams as untrusted input unless their provenance is verified, and should avoid invoking SvmDoccatModel.deserialize() on streams supplied by end users or fetched from third-party sources without integrity checks.
Title Apache OpenNLP :: Core :: ML :: LibSVM: Unsafe Java Deserialization in SvmDoccatModel
Weaknesses CWE-502
References

cve-icon MITRE

Status: PUBLISHED

Assigner: apache

Published:

Updated: 2026-07-06T20:38:00.073Z

Reserved: 2026-05-02T08:57:20.984Z

Link: CVE-2026-43825

cve-icon Vulnrichment

Updated: 2026-07-06T20:38:00.073Z

cve-icon NVD

No data.

cve-icon Redhat

Severity : Moderate

Publid Date: 2026-07-06T15:42:04Z

Links: CVE-2026-43825 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-07-08T05:45:03Z

Weaknesses
  • CWE-502

    Deserialization of Untrusted Data