Path Traversal Vulnerability in NLTK Library by Natural Language Toolkit
CVE-2026-0847
Key Information:
Badges
What is CVE-2026-0847?
A critical flaw in the NLTK library enables path traversal attacks through multiple CorpusReader classes, such as WordListCorpusReader, TaggedCorpusReader, and BracketParseCorpusReader. These components do not adequately sanitize file paths, allowing unauthorized users to navigate through directories and access sensitive files stored on the server. This vulnerability is particularly dangerous when user-controlled file inputs are handled, which is common in machine learning APIs or NLP applications. Exploitation could lead to unauthorized exposure of sensitive data, including SSH private keys and API tokens, and may facilitate larger exploits, such as remote code execution.
Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.
Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.
Affected Version(s)
nltk/nltk <= unspecified
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.