CVE-2022-36022: Deeplearning4J is a suite of tools for deploying and training deep learning models using the JVM. Packages org.deeplearn
Summary
Deeplearning4J (a tool for building machine learning models on Java systems) versions up to 1.0.0-M2.1 have a vulnerability where some test code references unclaimed S3 buckets (cloud storage spaces that no longer belong to the original owner), which could potentially be exploited by attackers who claim those buckets. This mainly affects older natural language processing examples in the software.
Solution / Mitigation
Users should upgrade to snapshots (development versions) of Deeplearning4J. A full release with the fix is planned for a later date. As a workaround, download a word2vec Google News vector (a pre-trained language model) from a new source using git lfs (a system for managing large files in code repositories).
Vulnerability Details
5.3(medium)
EPSS: 0.2%
Classification
Affected Vendors
Related Issues
Original source: https://nvd.nist.gov/vuln/detail/CVE-2022-36022
First tracked: February 15, 2026 at 08:53 PM
Classified by LLM (prompt v3) · confidence: 85%