HIGH
nltk
CVE published 2026-06-22
CVE-2026-54293
CVE-2026-54293 is a high-severity path traversal vulnerability in the NLTK library. Prior to version 3.10.0-rc1, the nltk.data.load() function is vulnerable to path traversal attacks via URL-encoded path separators and traversal segments when using the nltk: URL scheme. This flaw allows an attacker to bypass security protections and read arbitrary files from the filesystem. The vulnerability is fixed in v [truncated]