A vulnerability categorized as critical has been discovered in nltk up to 3.9.3. This vulnerability affects the function StanfordPOSTagger/StanfordNERTagger/StanfordParser/StanfordDependencyParser/StanfordNeuralDependencyParser of the component Stanford Interface. Executing a manipulation can lead to code injection.

This vulnerability appears as CVE-2026-12252. The attack requires local access. There is no available exploit.

It is advisable to upgrade the affected component.