PatchSiren cyber security CVE debrief
CVE-2026-0847 nltk CVE debrief
CVE-2026-0847 is a high-severity vulnerability in the Natural Language Toolkit (NLTK) library, affecting versions up to and including 3.9.2. The vulnerability is caused by multiple CorpusReader classes, including WordListCorpusReader, TaggedCorpusReader, and BracketParseCorpusReader, failing to properly sanitize or validate file paths. This allows attackers to traverse directories and access sensitive files on the server. The issue is particularly critical in scenarios where user-controlled file inputs are processed, such as in machine learning APIs, chatbots, or NLP pipelines. Exploitation of this vulnerability can lead to unauthorized access to sensitive files, including system files, SSH private keys, and API tokens. In some cases, it may potentially escalate to remote code execution when combined with other vulnerabilities.
- Vendor: nltk
- Product: nltk/nltk
- CVSS: HIGH 7.5
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-03-04
- Original CVE updated: 2026-06-30
- Advisory published: 2026-03-04
- Advisory updated: 2026-06-30
Who should care
Organizations using NLTK versions up to and including 3.9.2 should prioritize patching this vulnerability. This includes developers and administrators working with machine learning APIs, chatbots, or NLP pipelines that process user-controlled file inputs. Additionally, security teams responsible for monitoring and protecting sensitive files and systems should be aware of the potential risks associated with this vulnerability.
Technical summary
The vulnerability is caused by improper sanitization or validation of file paths in multiple CorpusReader classes within the NLTK library. Specifically, the WordListCorpusReader, TaggedCorpusReader, and BracketParseCorpusReader classes are affected. Attackers can exploit this vulnerability to traverse directories and access sensitive files on the server. The CVSS score for this vulnerability is 7.5, indicating a high severity level. The vulnerability is classified under CWE-22, which refers to Improper Limitation of a Pathname to a Restricted Directory.
Defensive priority
High priority should be given to patching this vulnerability, especially in environments where user-controlled file inputs are processed. Immediate action is recommended to prevent potential unauthorized access to sensitive files and systems.
Recommended defensive actions
- Update NLTK to a release later than 3.9.2, the last version the advisory lists as affected.
- Validate and sanitize user-supplied file paths before they reach CorpusReader classes: resolve the path and confirm it stays inside the intended corpus directory rather than filtering on the raw string.
- Monitor and restrict access to sensitive files and systems.
- Conduct regular security audits and vulnerability assessments.
- Consider implementing compensating controls, such as Web Application Firewalls (WAFs), to detect and prevent potential attacks.
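The path check recommended above, written out as an added example that is not NLTK's own code. It assumes an application wrapper that receives a user-supplied corpus file id and only hands it to a CorpusReader after `safe_corpus_path` has accepted it; the corpus root `/srv/corpora/words` is a constructed placeholder.

```python
import os
from typing import Iterable


class UnsafeFileId(ValueError):
    """Raised when a corpus file id would resolve outside the corpus root."""


def safe_corpus_path(root: str, fileid: str) -> str:
    """Resolve `fileid` under `root` and confirm it stays inside it.

    This is the containment check a wrapper should run before passing a
    user-controlled file id to any CorpusReader: absolute ids, `..`
    segments and symlinks pointing out of the root are all rejected by
    comparing *resolved* paths, not the raw string.
    """
    if "\x00" in fileid:
        raise UnsafeFileId("NUL byte in file id")
    if os.path.isabs(fileid):
        # os.path.join() silently discards `root` when the id is absolute.
        raise UnsafeFileId(f"absolute file id not allowed: {fileid!r}")
    real_root = os.path.realpath(root)
    candidate = os.path.realpath(os.path.join(real_root, fileid))
    # commonpath() is segment-aware, so /data/words-x is not accepted as
    # being under /data/words the way a plain str.startswith() would.
    if os.path.commonpath([real_root, candidate]) != real_root:
        raise UnsafeFileId(f"file id escapes corpus root: {fileid!r}")
    if candidate == real_root:
        # An empty or "." id names the directory itself, never a corpus file.
        raise UnsafeFileId("file id does not name a file")
    return candidate


def validate_fileids(root: str, fileids: Iterable[str]) -> list[str]:
    """Validate a whole user-supplied id list, failing closed on the first bad id."""
    return [safe_corpus_path(root, f) for f in fileids]


def is_safe_fileid(root: str, fileid: str) -> bool:
    """Boolean form of the check, convenient for request filtering and logging."""
    try:
        safe_corpus_path(root, fileid)
        return True
    except UnsafeFileId:
        return False
```

Log rejected ids with the resolved target, since a burst of `UnsafeFileId` rejections from one client is the detection signal for traversal attempts against the reader.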
Evidence notes
The CVE record and NVD detail provide official information about the vulnerability. Multiple references from Red Hat and a security advisory from Huntr offer additional context and potential mitigations. However, the exact scope of affected systems and comprehensive details about exploitation are limited in the provided sources.
Official resources
- CVE-2026-0847 CVE record (CVE.org)
- CVE-2026-0847 NVD detail (NVD)
- Source item URL: nvd_modified
- Mitigation or vendor reference: [email protected] (Exploit, Vendor Advisory)
- Source reference: 0b0ca135-0b70-47e7-9f44-1890c2a1c46c
This article is AI-assisted and based on the supplied source corpus.