Skip to content
Verified reproduction

CVE-2026-43825: Apache OpenNLP SvmDoccatModel unsafe deserialization

CVE-2026-43825 is verified against apache/opennlp · github affected versions: 3.0.0-M1 before 3.0.0-M4 (only on 3.x line; introduced in OPENNLP-1808) fixed version: 3.0.0-M4 vulnerability class: Deserialization This high reproduction includes runnable sandbox proof, artifacts, and a plain-text agent view under REPRO-2026-00279.

REPRO-2026-00279 apache/opennlp · github Deserialization Variant found Jul 9, 2026 .txt
Severity HIGH
Confidence HIGH
Reproduced in 14m 59s
Tool calls 168
Spend $2.27
Affected 3.0.0-M1 before 3.0.0-M4 (only on 3.x line; introduced in OPENNLP-1808)
Fixed in 3.0.0-M4
$ pruva-verify REPRO-2026-00279
or curl -O https://pruva.dev/api/v1/reproductions/REPRO-2026-00279/artifacts/bundle/repro/reproduction_steps.sh && chmod +x reproduction_steps.sh && ./reproduction_steps.sh
Run in a VM or disposable container. This exploits a real vulnerability.
02 · The vulnerability

Apache OpenNLP 3.x before 3.0.0-M4 contains an unsafe deserialization path in SvmDoccatModel.deserialize(InputStream). The method uses ObjectInputStream.readObject() on attacker-controlled serialized data before any filtering or validation, allowing gadget-chain execution on the consumer's classpath. The issue is in org.apache.opennlp:opennlp-ml-libsvm and is fixed in 3.0.0-M4 with ObjectInputFilter and resource limits.

03 · Root cause
Variant analysis
04 · Reproduction transcript

The agent's step-by-step process — every tool call, every handoff, the moment the exploit fired. Phases: support triages the advisory · repro reproduces it · vuln_variant confirms the fix blocks it · judge verifies.

Loading session...

05 · Artifacts

Scripts, logs, diffs, and output captured during the reproduction.