Vulnerability Description
ChatterBot is a machine learning, conversational dialog engine for creating chat bots. ChatterBot versions up to 1.2.10 are vulnerable to a denial-of-service condition caused by improper database session and connection pool management. Concurrent invocations of the get_response() method can exhaust the underlying SQLAlchemy connection pool, resulting in persistent service unavailability and requiring a manual restart to recover. Version 1.2.11 fixes the issue.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Chatterbot | Chatterbot | < 1.2.11 |
Related Weaknesses (CWE)
References
- https://github.com/gunthercox/ChatterBot/commit/de89fe648139f8eeacc998ad4524fab2Patch
- https://github.com/gunthercox/ChatterBot/pull/2432Issue Tracking
- https://github.com/gunthercox/ChatterBot/releases/tag/1.2.11ProductRelease Notes
- https://github.com/gunthercox/ChatterBot/security/advisories/GHSA-v4w8-49pv-mf72ExploitVendor Advisory
- https://github.com/user-attachments/assets/4ee845c4-b847-4854-84ec-4b2fb2f7090fExploit
FAQ
What is CVE-2026-23842?
CVE-2026-23842 is a vulnerability with a CVSS score of 7.5 (HIGH). ChatterBot is a machine learning, conversational dialog engine for creating chat bots. ChatterBot versions up to 1.2.10 are vulnerable to a denial-of-service condition caused by improper database sess...
How severe is CVE-2026-23842?
CVE-2026-23842 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2026-23842?
Check the references section above for vendor advisories and patch information. Affected products include: Chatterbot Chatterbot.