Cyber Resilience

CVE-2026-0847

High · Public PoC · Updated

Published: 04 March 2026
Modified: 30 June 2026
KEV Added: not listed
Patch: none recorded
CVSS Score: v3.1 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
EPSS Score: 0.0075 (50.2nd percentile)
Risk Priority: 55 (floored blend · peak EPSS)

Summary

CVE-2026-0847 is a high-severity Path Traversal (CWE-22) vulnerability in NLTK (vendor/product: Nltk Nltk). Its CVSS v3.1 base score is 7.5 (High): network-reachable, low complexity, no privileges or user interaction required, with high confidentiality impact and no integrity or availability impact.

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 49.8% of CVEs by exploit likelihood (EPSS), is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.

This vulnerability is AI-related — categorised as NLP Libraries; in the Privacy and Disclosure risk domain.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2026-0847 is a path traversal vulnerability (CWE-22) in NLTK versions up to and including 3.9.2. It affects multiple CorpusReader classes, including WordListCorpusReader, TaggedCorpusReader, and BracketParseCorpusReader, which fail to properly sanitize or validate file paths. This enables attackers to traverse directories and access arbitrary files on the server where NLTK is deployed.

Remote unauthenticated attackers can exploit this vulnerability with low complexity, as indicated by its CVSS v3.1 vector (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). Exploitation requires a deployment in which user-controlled input reaches a CorpusReader as a file identifier, for example machine learning APIs, chatbots, or NLP pipelines that let callers name the corpus file to load. Successful attacks allow unauthorized reads of sensitive files (system files, SSH private keys, API tokens) with the privileges of the process running NLTK. The issue itself is read-only (I:N/A:N); escalation to remote code execution is only possible when a disclosed secret or file is combined with other vulnerabilities.

Mitigation details are available in the Huntr advisory at https://huntr.com/bounties/fc69914f-36a9-4c18-8503-10013b39f966.

This vulnerability is particularly critical for AI/ML and NLP applications relying on NLTK for corpus processing.

Vulnerability details

A vulnerability in NLTK versions up to and including 3.9.2 allows arbitrary file read via path traversal in multiple CorpusReader classes, including WordListCorpusReader, TaggedCorpusReader, and BracketParseCorpusReader. These classes fail to properly sanitize or validate file paths, enabling attackers to traverse directories and access sensitive files on the server. This issue is particularly critical in scenarios where user-controlled file inputs are processed, such as in machine learning APIs, chatbots, or NLP pipelines. Exploitation of this vulnerability can lead to unauthorized access to sensitive files, including system files, SSH private keys, and API tokens, and may potentially escalate to remote code execution when combined with other vulnerabilities.

CWE(s)

CWE-22 Path Traversal

AI Security Analysis

AI Category
NLP Libraries
Risk Domain
Privacy and Disclosure
OWASP Top 10 for LLMs 2025
None mapped
Classification Reason
Matched keywords: machine learning, nltk

Related Threats

MITRE ATT&CK Enterprise Techniques

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1005 Data from Local System Collection
Adversaries may search local system sources, such as file systems, configuration files, local databases, virtual machine files, or process memory, to find files of interest and sensitive data prior to Exfiltration.
T1552.001 Credentials In Files Credential Access
Adversaries may search local file systems and remote file shares for files containing insecurely stored credentials.
Why these techniques?

Path traversal in public-facing NLTK deployment enables remote exploitation (T1190) and direct unauthorized file reads including credentials (T1005, T1552.001).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-33236 (same product: Nltk Nltk)
CVE-2026-0846 (same product: Nltk Nltk)
CVE-2026-33231 (same product: Nltk Nltk)
CVE-2026-0848 (same product: Nltk Nltk)
CVE-2025-14009 (same product: Nltk Nltk)
CVE-2020-36939 (shared CWE-22)
CVE-2026-26217 (shared CWE-22)
CVE-2026-27305 (shared CWE-22)
CVE-2022-50992 (shared CWE-22)
CVE-2026-30952 (shared CWE-22)

Affected Assets

Vendor: nltk
Product: nltk
Versions: ≤ 3.9.2

Mitigating Controls

Mitigating Controls (NIST 800-53 r5)

prevent: SI-10 mandates information input validation at file path interfaces, directly preventing path traversal attacks by sanitizing user-controlled inputs before they reach NLTK CorpusReader classes.

prevent: SI-2 requires timely flaw remediation, such as patching NLTK to a version beyond 3.9.2 to eliminate the path traversal vulnerability.

prevent: AC-6 enforces least privilege, limiting the damage from a successful path traversal by restricting which files the application's process can read.
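The precondition described under Deeper analysis (a caller's input reaching a CorpusReader as a file identifier) and the SI-10 input-validation control above come down to the same check: the fileid must resolve to a path inside the corpus root. The following is an added example of that check in the calling application, written for this page; it is not NLTK's code and not the upstream fix, and the function names (resolve_fileid, read_corpus_words, naive_check) are assumptions. It also shows two ways a weaker check fails: an absolute fileid, which os.path.join silently accepts in place of the root, and a symlink inside the root that points outside it.

```python
"""Added example (not NLTK's code, not the upstream fix): validating a
client-supplied corpus fileid before it reaches a corpus reader.
Function names are assumptions made for this illustration."""
import os
import tempfile


class UnsafeFileId(ValueError):
    """Raised when a fileid would resolve outside the corpus root."""


def resolve_fileid(root: str, fileid: str) -> str:
    """Return the absolute path for `fileid` under `root`, or raise.

    The containment test runs on the realpath-resolved form, so '..'
    segments, absolute paths and symlinks pointing outside the root are
    all caught by one comparison instead of a list of string patterns.
    """
    root_real = os.path.realpath(root)
    if not fileid or os.path.isabs(fileid):
        # os.path.join(root, "/etc/passwd") == "/etc/passwd": an absolute
        # fileid discards the root entirely, so refuse it up front.
        raise UnsafeFileId(fileid)
    candidate = os.path.realpath(os.path.join(root_real, fileid))
    if os.path.commonpath([root_real, candidate]) != root_real:
        raise UnsafeFileId(fileid)
    return candidate


def naive_check(fileid: str) -> bool:
    """A filter that looks sufficient but is not: it only rejects the
    literal '..' substring, so absolute paths and symlinks pass."""
    return ".." not in fileid


def read_corpus_words(root: str, fileid: str) -> list[str]:
    """Stand-in for a word-list reader: tokenise the file on whitespace."""
    with open(resolve_fileid(root, fileid), encoding="utf-8") as fh:
        return fh.read().split()


def demo() -> dict[str, object]:
    """Build a constructed corpus root plus a secret file beside it and
    exercise the check with benign and hostile fileids."""
    results: dict[str, object] = {}
    with tempfile.TemporaryDirectory() as tmp:
        root = os.path.join(tmp, "corpus")
        os.makedirs(os.path.join(root, "words"))
        secret = os.path.join(tmp, "secret.txt")  # lives outside the root
        with open(secret, "w", encoding="utf-8") as fh:
            fh.write("API_TOKEN=constructed-sample-value\n")  # constructed
        with open(os.path.join(root, "words", "en.txt"), "w",
                  encoding="utf-8") as fh:
            fh.write("alpha beta gamma\n")  # constructed sample corpus

        results["benign"] = read_corpus_words(root, "words/en.txt")

        hostile = {
            "dotdot": "../secret.txt",
            "nested_dotdot": "words/../../secret.txt",
            "absolute": secret,
        }
        for label, fileid in hostile.items():
            try:
                read_corpus_words(root, fileid)
                results[label] = "read"
            except UnsafeFileId:
                results[label] = "rejected"

        # The substring filter waves the absolute path through: no '..' in it.
        results["naive_passes_absolute"] = naive_check(secret)

        # A symlink inside the root that targets the secret outside it.
        link = os.path.join(root, "words", "link.txt")
        try:
            os.symlink(secret, link)
        except OSError:
            results["symlink"] = "skipped"  # platform without symlink support
        else:
            try:
                read_corpus_words(root, "words/link.txt")
                results["symlink"] = "read"
            except UnsafeFileId:
                results["symlink"] = "rejected"
    return results


if __name__ == "__main__":
    for label, outcome in demo().items():
        print(f"{label}: {outcome}")
```

This check belongs at the trust boundary (the API handler or pipeline step that accepts the fileid), independently of whatever validation the library itself performs; running the process with read access only to the corpus directory (AC-6 above) bounds what any bypass can disclose.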
