Critical Vulnerabilities Discovered in Apache OpenNLP, Including XXE Injection

Apache OpenNLP is a widely used Java natural‑language‑processing library for tasks such as text parsing and entity recognition. On 2 May 2026 the security community disclosed three vulnerabilities affecting versions up to 2.5.8 and 3.0.0‑M2.

CVE‑2026‑42440 – Denial‑of‑Service : The AbstractModelReader can crash when processing a maliciously crafted model file. An attacker only needs to supply a malformed model file, causing the processing thread to abort and effectively taking down any service that relies on real‑time document processing. No authentication is required.

CVE‑2026‑42027 – Privilege Escalation : The Model Manifest ExtensionLoader mishandles model manifest files, providing a path for privilege escalation. If an attacker can place a malicious model file on the target system and have it loaded, they may execute actions with higher privileges than the running account, a serious risk in multi‑tenant environments.

CVE‑2026‑40682 – XXE (External Entity) Injection : The Dictionary Parser fails to disable external entity references when parsing XML dictionary files. An attacker can craft a payload such as:

<!DOCTYPE dictionary [
  <!ENTITY xxe SYSTEM "file:///etc/passwd">
]>
<dictionary>
  <entry>
    <word>&xxe;</word>
  </entry>
</dictionary>

When OpenNLP loads this dictionary, the contents of /etc/passwd are injected into the parsing result, giving the attacker indirect file‑read capability and a potential remote code execution path if user‑supplied dictionaries are allowed.

Typical enterprise use cases for OpenNLP include automatic extraction of key information from contracts and reports, intent recognition in customer‑service chatbots, text classification for content moderation, and preprocessing for search‑engine indexing. If model or dictionary files originate from untrusted sources, these vulnerabilities can be directly exploited.

Recommended immediate actions: review all deployment scenarios, monitor the Apache OpenNLP security advisory for patched releases, validate the format of any externally supplied model or dictionary files, disable external entity processing before parsing XML, run the parser under a non‑privileged account without read access to sensitive files, and isolate the service in a dedicated container or sandbox to limit lateral movement.