Cyber Resilience

CVE-2026-0846

High · Public PoC · Updated

Published: 09 March 2026
Modified: 30 June 2026
KEV Added: not listed
CVSS v3.1 score: 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
EPSS score: 0.0036 (27.8th percentile)
Risk priority: 55 (floored blend · peak EPSS)

Summary

CVE-2026-0846 is a high-severity Absolute Path Traversal (CWE-36) vulnerability in Nltk Nltk. Its CVSS base score is 7.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Data from Local System (T1005); ranked at the 27.8th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

This vulnerability is AI-related: it is categorised under NLP Libraries, in the Privacy and Disclosure risk domain.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2026-0846 is a path traversal vulnerability (CWE-36) in the `filestring()` function of the `nltk.util` module in NLTK version 3.9.2. The function directly opens files specified by user input without proper path sanitization, enabling arbitrary file reads on the system hosting the affected software. This flaw affects applications using NLTK 3.9.2 that invoke `filestring()` with unsanitized inputs.

The vulnerability carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N), allowing unauthenticated remote attackers to exploit it over the network with low complexity and no user interaction. Exploitation is feasible in scenarios where the function processes user-supplied paths, such as web APIs or other interfaces, granting attackers read access to sensitive system files via absolute paths or directory traversals.
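The control the analysis points to (NIST 800-53 SI-10, input validation) is best shown as code. The block below is an added example written for this page, not NLTK's own code: `read_text_file` stands in for a helper that opens whatever filename it is handed (the unvalidated pattern the advisory describes), and `resolve_within` is an assumed policy layer that rejects absolute paths outright and canonicalises relative ones before checking they still sit inside an allowed base directory. The corpus directory and its files are constructed inline so the example runs offline.

```python
"""Validated file loading in front of an opener that trusts its argument.

Added illustration of the SI-10 mitigation for this page; the helper names,
the base-directory policy and the sample files are assumptions, not NLTK code.
"""
import os
import tempfile


class UnsafePathError(ValueError):
    """Raised when a caller-supplied path is rejected by the policy."""


def read_text_file(path):
    """Stand-in for a helper that opens the filename it is given, unvalidated.

    On its own this is the pattern the advisory describes: an absolute path
    or a '..' sequence from the caller is opened as-is.
    """
    with open(path, encoding="utf-8") as fh:
        return fh.read()


def resolve_within(base_dir, user_path):
    """Return an absolute path under base_dir, or raise UnsafePathError.

    Absolute input is refused outright (the CWE-36 case). Relative input is
    joined to the base and canonicalised with realpath, which collapses '..'
    and follows symlinks, then checked with commonpath so that '/data' does
    not accidentally accept '/data_private' as a prefix match.
    """
    if os.path.isabs(user_path):
        raise UnsafePathError(f"absolute path rejected: {user_path!r}")
    base = os.path.realpath(base_dir)
    candidate = os.path.realpath(os.path.join(base, user_path))
    if os.path.commonpath([base, candidate]) != base:
        raise UnsafePathError(f"path escapes base directory: {user_path!r}")
    return candidate


def safe_read_text_file(base_dir, user_path):
    """Validated front door: only paths inside base_dir reach the opener."""
    return read_text_file(resolve_within(base_dir, user_path))


def demo():
    """Build a constructed corpus directory and exercise the wrapper.

    Returns a dict of outcomes: the in-corpus read succeeds, while a
    traversal path and an absolute path to a file outside the corpus are
    both rejected before anything is opened.
    """
    with tempfile.TemporaryDirectory() as tmp:
        corpus = os.path.join(tmp, "corpus")
        os.mkdir(corpus)
        with open(os.path.join(corpus, "doc.txt"), "w", encoding="utf-8") as fh:
            fh.write("the quick brown fox")
        # Constructed file outside the corpus, standing in for a sensitive file.
        outside = os.path.join(tmp, "secret.txt")
        with open(outside, "w", encoding="utf-8") as fh:
            fh.write("do-not-leak")

        results = {"inside": safe_read_text_file(corpus, "doc.txt")}
        attempts = {
            "traversal": os.path.join("..", "secret.txt"),
            "absolute": outside,
        }
        for name, bad in attempts.items():
            try:
                safe_read_text_file(corpus, bad)
                results[name] = "allowed"
            except UnsafePathError:
                results[name] = "rejected"
        return results


if __name__ == "__main__":
    print(demo())
```

The check lives in a wrapper rather than in the opener so that every call site gets the same policy; a deployment that exposes such a loader through a web API would route user input through `safe_read_text_file` only, and would additionally run the process as an account that cannot read files outside the corpus, which is the least-privilege control listed further down.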

Advisories on Huntr.com (https://huntr.com/bounties/007b84f8-418e-4300-99d0-bf504c2f97eb) provide details on the issue through a reported bounty.

NLTK, a Python library for natural language processing, has relevance to AI/ML workflows where vulnerable code may be deployed in data processing pipelines.

Vulnerability details

A vulnerability in the `filestring()` function of the `nltk.util` module in nltk version 3.9.2 allows arbitrary file read due to improper validation of input paths. The function directly opens files specified by user input without sanitization, enabling attackers to access sensitive system files by providing absolute paths or traversal paths. This vulnerability can be exploited locally or remotely, particularly in scenarios where the function is used in web APIs or other interfaces that accept user-supplied input.

CWE(s): CWE-36 (Absolute Path Traversal)

AI Security Analysis

AI Category: NLP Libraries
Risk Domain: Privacy and Disclosure
OWASP Top 10 for LLMs 2025: None mapped
Classification Reason: Matched keywords: nltk

Related Threats

MITRE ATT&CK Enterprise Techniques

T1005 Data from Local System (Collection)
Adversaries may search local system sources, such as file systems, configuration files, local databases, virtual machine files, or process memory, to find files of interest and sensitive data prior to Exfiltration.

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

Path traversal enables direct arbitrary file reads from the local system (T1005); exposure through web APIs or public-facing applications allows exploitation of public-facing services (T1190).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-0847 (same product: Nltk Nltk)
CVE-2026-33231 (same product: Nltk Nltk)
CVE-2026-0848 (same product: Nltk Nltk)
CVE-2025-14009 (same product: Nltk Nltk)
CVE-2026-33236 (same product: Nltk Nltk)
CVE-2026-2753 (shared CWE-36)
CVE-2026-4373 (shared CWE-36)
CVE-2026-1330 (shared CWE-36)
CVE-2026-28414 (shared CWE-36)
CVE-2025-57790 (shared CWE-36)

Affected Assets

Vendor: nltk
Product: nltk
Version: 3.9.2

Mitigating Controls (NIST 800-53 r5)

SI-10 Information Input Validation (prevent)
Directly mitigates path traversal by requiring validation of user-supplied file paths before processing in the filestring() function.

SI-2 Flaw Remediation (prevent)
Addresses the specific flaw in NLTK 3.9.2 by identifying, reporting, and applying timely remediation such as patching to a fixed version.

Least privilege (prevent)
Limits damage from successful exploitation by enforcing least privilege on the hosting process, restricting read access to sensitive system files.

References