A vulnerability was found in Apache OpenNLP up to 3.0.0-M3. It has been declared as critical. Impacted is the function SvmDoccatModel.deserialize of the component Libsvm Module. Executing a manipulation can lead to deserialization.

This vulnerability is registered as CVE-2026-43825. It is possible to launch the attack remotely. No exploit is available.