Platform: python
Component: nltk
Fixed in: 3.9.3
CVE-2026-0847 is a Remote Code Execution (RCE) vulnerability affecting the Natural Language Toolkit (NLTK) versions up to and including 3.9.2. This flaw stems from improper file path sanitization within several CorpusReader classes, allowing attackers to read sensitive files via path traversal. The vulnerability poses a significant risk to applications utilizing NLTK, particularly those handling user-provided file inputs in machine learning or natural language processing workflows. A patched version is available to resolve this issue.
The core of this vulnerability lies in insufficient validation of file paths within NLTK's WordListCorpusReader, TaggedCorpusReader, and BracketParseCorpusReader classes. An attacker can craft file identifiers containing directory traversal sequences (e.g., ../../) to bypass the intended access restrictions. This allows them to read files outside the intended corpus directory, potentially exposing sensitive data such as configuration files, API keys, or even source code. The impact is amplified in environments where NLTK is integrated into web applications or APIs, since user-supplied data could be passed directly to a CorpusReader and trigger the path traversal. Successful exploitation could lead to complete compromise of the server hosting the NLTK application.
CVE-2026-0847 was publicly disclosed on 2026-03-04. There is no indication of it being added to the CISA KEV catalog or active exploitation campaigns at this time. Public proof-of-concept exploits are not yet available, but the path traversal nature of the vulnerability makes it likely that such exploits will emerge. The vulnerability's impact is heightened by the widespread use of NLTK in various NLP applications.
Exploit Status
EPSS: 0.29% (52nd percentile)
CISA SSVC: no decision listed
The primary mitigation for CVE-2026-0847 is to upgrade to a patched version of NLTK. No specific fixed version was listed at the time this write-up was prepared. Until a patch is available, implement strict input validation on all file paths handed to NLTK CorpusReader classes: allow-list the permitted characters, reject any path containing directory traversal sequences, and confirm that the resolved path still lies inside the corpus root. Additionally, consider running NLTK applications within a sandboxed environment with limited file system access to restrict the blast radius of a successful exploit. Regularly review and update NLTK dependencies to ensure you are using the latest stable release.
Update the NLTK library to a version later than 3.9.2. This will fix the path traversal vulnerability. You can update using pip: `pip install --upgrade nltk`.
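The interim mitigation above (allow-list the characters, reject traversal sequences, keep the resolved path inside the corpus root) can be put in front of any CorpusReader call. The following is an added example written for this page, not NLTK's own code; the names safe_corpus_path, read_wordlist and ALLOWED_CHARS are assumptions, and the corpus it builds in a temporary directory is constructed demo data.

```python
"""Added example (not NLTK code): allow-list validation of corpus file ids.

Assumed names: safe_corpus_path, read_wordlist, ALLOWED_CHARS. The corpus
built in demo() is constructed demo data.
"""
import os
import string
import tempfile
from pathlib import Path

# Characters a corpus file id may contain: letters, digits, '_', '-', '.' and
# the '/' separator. Anything else (NUL bytes, backslashes, whitespace) fails.
ALLOWED_CHARS = frozenset(string.ascii_letters + string.digits + "_-./")


def safe_corpus_path(root, fileid):
    """Return the absolute path of fileid under root, or None if rejected.

    Rejection rules, applied in order:
    1. empty id, or any character outside ALLOWED_CHARS;
    2. an absolute id, or any '..' path segment, even one that would still
       resolve inside root (simpler to reason about than allowing some);
    3. a resolved path that does not lie under the resolved root, which also
       catches escapes through symlinks placed inside the corpus tree.
    """
    if not fileid or not set(fileid) <= ALLOWED_CHARS:
        return None
    if fileid.startswith("/") or ".." in fileid.split("/"):
        return None
    root_path = Path(root).resolve()
    candidate = (root_path / fileid).resolve()
    try:
        candidate.relative_to(root_path)
    except ValueError:
        return None
    return str(candidate)


def read_wordlist(root, fileid):
    """Read a newline-separated word list, refusing ids that fail validation."""
    path = safe_corpus_path(root, fileid)
    if path is None:
        raise ValueError("rejected corpus fileid: %r" % fileid)
    with open(path, encoding="utf-8") as fh:
        return [line.strip() for line in fh if line.strip()]


def demo():
    """Build a constructed corpus in a temp dir and exercise the validator.

    Returns a dict mapping each tried fileid to the words read or 'rejected'.
    """
    root = tempfile.mkdtemp(prefix="corpus-")
    os.makedirs(os.path.join(root, "wordlists"))
    with open(os.path.join(root, "wordlists", "en"), "w", encoding="utf-8") as fh:
        fh.write("alpha\nbeta\n")

    # A directory outside the corpus, reachable only via a symlink inside it,
    # to show that rule 3 catches escapes that contain no '..' at all.
    outside = tempfile.mkdtemp(prefix="outside-")
    with open(os.path.join(outside, "secret"), "w", encoding="utf-8") as fh:
        fh.write("do-not-read\n")
    try:
        os.symlink(outside, os.path.join(root, "link"))
    except OSError:
        pass  # symlinks unavailable on this platform; the other cases still run

    tried = [
        "wordlists/en",                 # legitimate id
        "../../etc/passwd",             # classic traversal
        "/etc/passwd",                  # absolute path
        "wordlists/../wordlists/en",    # '..' that stays inside root: still rejected
        "wordlists/en\x00.txt",         # NUL byte fails the character allow-list
        "link/secret",                  # symlink escape, no '..' involved
    ]
    results = {}
    for fileid in tried:
        try:
            results[fileid] = read_wordlist(root, fileid)
        except ValueError:
            results[fileid] = "rejected"
    return results


if __name__ == "__main__":
    for fileid, outcome in demo().items():
        print("%-32r -> %s" % (fileid, outcome))
```

The containment check on the resolved path is the one that matters most: the character allow-list and the `..` rule are cheap first-line filters, but only comparing `Path.resolve()` results against the resolved root closes the symlink case, which contains no traversal sequence at all.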
CVE-2026-0847 is a Remote Code Execution vulnerability in NLTK versions up to 3.9.2, allowing attackers to read arbitrary files through path traversal.
If you are using NLTK versions 3.9.2 or earlier, you are potentially affected by this vulnerability.
Upgrade to a patched version of NLTK. Until a patch is available, implement strict input validation on file paths.
There is currently no confirmed active exploitation of CVE-2026-0847, but the vulnerability's nature suggests potential for future exploitation.
Refer to the NLTK project's security advisories and release notes for updates regarding CVE-2026-0847.