CVE-2026-23842: ChatterBot is a machine learning, conversational dialog engine for creating chat bots. ChatterBot versions up to 1.2.10
Summary
ChatterBot versions up to 1.2.10 have a vulnerability that causes denial-of-service (when a service becomes unavailable due to being overwhelmed), triggered when multiple concurrent calls to the get_response() method exhaust the SQLAlchemy connection pool (a group of reusable database connections). The service becomes unavailable and requires manual restart to recover.
Solution / Mitigation
Version 1.2.11 fixes the issue.
Vulnerability Details
7.5(high)
EPSS: 0.0%
Classification
Affected Vendors
Related Issues
CVE-2022-29200: TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implem
CVE-2021-29541: TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a dereference of a null p
Original source: https://nvd.nist.gov/vuln/detail/CVE-2026-23842
First tracked: February 15, 2026 at 08:53 PM
Classified by LLM (prompt v3) · confidence: 85%