nltk
Fixed in
3.9.3
CVE-2026-0847 is a Remote Code Execution (RCE) vulnerability affecting the Natural Language Toolkit (NLTK) versions up to and including 3.9.2. This flaw stems from improper file path sanitization within several CorpusReader classes, allowing attackers to read sensitive files via path traversal. The vulnerability poses a significant risk to applications utilizing NLTK, particularly those handling user-provided file inputs in machine learning or natural language processing workflows. A patched version is available to resolve this issue.
The vulnerability stems from inadequate sanitization of file paths within NLTK's WordListCorpusReader, TaggedCorpusReader, and BracketParseCorpusReader classes. An attacker can craft malicious file paths containing directory traversal sequences (e.g., ../..) to bypass intended access restrictions. This enables them to read sensitive files located outside the intended corpus directory, potentially exposing configuration files, source code, or other confidential data. The impact is particularly severe in environments where user-provided data is used to construct file paths within these classes, as this provides a direct attack vector. Successful exploitation could lead to data breaches, system compromise, and potentially further lateral movement within the affected network.
CVE-2026-0847 was publicly disclosed on 2026-03-04. There are currently no known public proof-of-concept exploits. The EPSS score is pending evaluation. It is not currently listed on the CISA KEV catalog. Given the RCE nature and the potential for easy exploitation through path traversal, it is advisable to prioritize patching.
Applications and systems utilizing NLTK for natural language processing tasks, particularly those that accept user-provided file inputs, are at risk. This includes machine learning APIs, chatbots, and NLP pipelines. Developers who have built custom corpus readers or extended NLTK functionality without proper input validation are also at increased risk.
• python / server:

    import os
    import glob

    # Walk the corpus tree and flag any path that carries a '..' component.
    # glob only returns paths built from corpus_root, so in practice this
    # mainly catches a misconfigured corpus_root or odd directory names.
    corpus_root = '/path/to/nltk/corpus'
    # recursive=True is required for '**' to descend into subdirectories
    for filename in glob.glob(os.path.join(corpus_root, '**', '*'), recursive=True):
        if '..' in filename.split(os.sep):
            print(f'Suspicious file path found: {filename}')

• linux / server:

    # Monitor the NLTK service for unusual file access patterns.
    # -E enables the 'open|read' alternation; -F makes '..' a literal match
    # rather than the regex "any two characters".
    journalctl -u nltk -f | grep -Ei 'open|read' | grep -F '..'

EPSS: 0.29% (52nd percentile)
The primary mitigation is to upgrade to a patched version of NLTK. The vendor has not released a specific fixed version as of this writing, but it is recommended to monitor the NLTK project's website and GitHub repository for updates. As a temporary workaround, implement strict input validation on any user-provided file paths used within NLTK CorpusReader classes. This should include whitelisting allowed characters and rejecting paths containing directory traversal sequences. Consider using a WAF or proxy to filter requests containing suspicious file path patterns. After upgrade, confirm by attempting to access a restricted file via a CorpusReader and verifying that access is denied.
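As an added illustration of the input-validation workaround described above (example code written here, not NLTK's own), `safe_corpus_path` is a hypothetical helper that resolves a user-supplied corpus file id and rejects it when it would escape the corpus root, including through an absolute path, a `..` component, or a symlink that points outside; `demo` builds a constructed throwaway corpus to exercise it.

```python
import os
import tempfile


def safe_corpus_path(corpus_root: str, fileid: str) -> str:
    """Return the resolved absolute path for fileid, or raise ValueError.

    Hypothetical helper: checks absolute paths, explicit '..' components and,
    after symlink resolution, whether the target is still inside corpus_root.
    """
    if not fileid or os.path.isabs(fileid):
        raise ValueError(f"absolute or empty file id rejected: {fileid!r}")
    # Normalise separators so a Windows-style 'a\\..\\b' is caught as well.
    parts = [p for p in fileid.replace("\\", "/").split("/") if p]
    if ".." in parts:
        raise ValueError(f"directory traversal rejected: {fileid!r}")
    root = os.path.realpath(corpus_root)
    target = os.path.realpath(os.path.join(root, *parts))
    # commonpath (not startswith) so '/data/corpus_private' is not mistaken
    # for something under '/data/corpus'.
    if os.path.commonpath([root, target]) != root:
        raise ValueError(f"file id resolves outside corpus root: {fileid!r}")
    return target


def demo() -> dict:
    """Build a constructed sample corpus in a temp dir and classify test ids."""
    base = tempfile.mkdtemp()
    root = os.path.join(base, "corpus")
    os.makedirs(root)
    with open(os.path.join(root, "words.txt"), "w") as f:
        f.write("alpha\nbeta\n")
    with open(os.path.join(base, "secret.txt"), "w") as f:
        f.write("not a corpus file\n")
    # A symlink inside the corpus that points outside it
    os.symlink(os.path.join(base, "secret.txt"), os.path.join(root, "link.txt"))
    cases = [
        ("plain", "words.txt"),
        ("traversal", "../secret.txt"),
        ("nested traversal", "sub/../../secret.txt"),
        ("symlink escape", "link.txt"),
        ("absolute", os.path.join(base, "secret.txt")),
    ]
    results = {}
    for label, fid in cases:
        try:
            safe_corpus_path(root, fid)
            results[label] = "allowed"
        except ValueError:
            results[label] = "rejected"
    return results
```

Wrap the file id before handing it to any CorpusReader; the symlink case shows why a plain `'..' in path` check is not enough on its own.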
Update the NLTK library to a version newer than 3.9.2. This fixes the path traversal vulnerability. You can update with pip: `pip install --upgrade nltk`.
CVE-2026-0847 is a Remote Code Execution vulnerability in NLTK versions up to 3.9.2, allowing attackers to read arbitrary files through path traversal.
If you are using NLTK versions 3.9.2 or earlier, you are potentially affected by this vulnerability.
Upgrade to a patched version of NLTK. Until a patch is available, implement strict input validation on file paths.
There is currently no confirmed active exploitation of CVE-2026-0847, but the vulnerability's nature suggests potential for future exploitation.
Refer to the NLTK project's security advisories and release notes for updates regarding CVE-2026-0847.