Description
A vulnerability in NLTK versions up to and including 3.9.2 allows arbitrary file read via path traversal in multiple CorpusReader classes, including WordListCorpusReader, TaggedCorpusReader, and BracketParseCorpusReader. These classes fail to properly sanitize or validate file paths, enabling attackers to traverse directories and access sensitive files on the server. This issue is particularly critical in scenarios where user-controlled file inputs are processed, such as in machine learning APIs, chatbots, or NLP pipelines. Exploitation of this vulnerability can lead to unauthorized access to sensitive files, including system files, SSH private keys, and API tokens, and may potentially escalate to remote code execution when combined with other vulnerabilities.
Published: 2026-03-04
Score: 7.5 High
EPSS: < 1% Very Low
KEV: No
Impact: Unauthorized file read (potential RCE)
Action: Update NLTK
AI Analysis

Impact

The vulnerability is a classic path traversal flaw in the WordListCorpusReader, TaggedCorpusReader, and BracketParseCorpusReader classes of NLTK, allowing an attacker who can supply a file path to read any file on the system. The flaw arises because the library does not enforce restrictions on relative or absolute paths and does not sanitize user inputs. An attacker could read confidential files—including system files, private keys, and API tokens—which can lead to privilege escalation or, when combined with other weaknesses, remote code execution.

Affected Systems

The flaw exists in all NLTK releases up to and including 3.9.2. Users of the WordListCorpusReader, TaggedCorpusReader, and BracketParseCorpusReader who deploy these libraries in machine‑learning APIs, chatbots, or NLP pipelines are affected. Future use of newer, patched releases can mitigate this issue; however, for the affected versions, the vulnerability remains unless the code is hardened.

Risk and Exploitability

The CVSS score of 7.5 indicates a high severity, while the EPSS score of less than 1% suggests a low probability of exploitation in the wild. The vulnerability is not yet listed in the CISA KEV catalog. Based on the description, the likely attack vector is local, requiring the attacker to influence user-supplied file paths used by the affected CorpusReader classes. The risk to confidentiality is significant, with the potential for sophisticated attackers to combine this flaw with other vulnerabilities to achieve remote code execution.

Generated by OpenCVE AI on April 16, 2026 at 13:15 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to an NLTK version that contains the fix, or apply any vendor‑released patches.
  • Implement strict validation or sanitization of file paths before passing them to CorpusReader classes.
  • If an upgrade is not possible at the moment, wrap CorpusReader usage in a custom layer that normalizes paths and enforces that they reside within a pre‑approved directory.
  • Limit or disable features that allow loading corpora from arbitrary locations, especially in publicly exposed API endpoints.

Generated by OpenCVE AI on April 16, 2026 at 13:15 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 10 Mar 2026 12:15:00 +0000

Type Values Removed Values Added
References
Metrics threat_severity

None

 cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'}

threat_severity

Important

Thu, 05 Mar 2026 09:15:00 +0000

Type Values Removed Values Added
First Time appeared Nltk
Nltk nltk
Vendors & Products Nltk
Nltk nltk

Wed, 04 Mar 2026 19:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Wed, 04 Mar 2026 18:45:00 +0000

Type Values Removed Values Added
Description A vulnerability in NLTK versions up to and including 3.9.2 allows arbitrary file read via path traversal in multiple CorpusReader classes, including WordListCorpusReader, TaggedCorpusReader, and BracketParseCorpusReader. These classes fail to properly sanitize or validate file paths, enabling attackers to traverse directories and access sensitive files on the server. This issue is particularly critical in scenarios where user-controlled file inputs are processed, such as in machine learning APIs, chatbots, or NLP pipelines. Exploitation of this vulnerability can lead to unauthorized access to sensitive files, including system files, SSH private keys, and API tokens, and may potentially escalate to remote code execution when combined with other vulnerabilities.
Title Path Traversal in nltk/nltk
Weaknesses CWE-22
References
Metrics cvssV3_0

{'score': 8.6, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L'}

Subscriptions

Nltk Nltk
cve-icon MITRE

Status: PUBLISHED

Assigner: @huntr_ai

Published:

Updated: 2026-03-04T18:49:55.238Z

Reserved: 2026-01-10T23:57:44.460Z

Link: CVE-2026-0847

cve-icon Vulnrichment

Updated: 2026-03-04T18:49:48.717Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-03-04T19:16:10.683

Modified: 2026-03-05T19:39:11.967

Link: CVE-2026-0847

cve-icon Redhat

Severity : Important

Publid Date: 2026-03-04T18:25:30Z

Links: CVE-2026-0847 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-04-16T13:30:16Z

Weaknesses