cvedb.io
CVE-2026-23842
HIGH · CVSS 7.5
EPSS exploitation probability: 0%
Published 2026-01-19T19:16:04.510 · Last modified 2026-06-17T10:22:11.350

Summary

ChatterBot is a machine learning, conversational dialog engine for creating chat bots. ChatterBot versions up to 1.2.10 are vulnerable to a denial-of-service condition caused by improper database session and connection pool management. Concurrent invocations of the get_response() method can exhaust the underlying SQLAlchemy connection pool, resulting in persistent service unavailability and requiring a manual restart to recover. Version 1.2.11 fixes the issue.

Affected products

chatterbot — chatterbot

Does this affect you?

Add your gear to cvedb and we'll alert you only when chatterbot ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.