CVE-2026-0847
Published: 04 March 2026
Summary
CVE-2026-0847 is a high-severity Path Traversal (CWE-22) vulnerability in the NLTK library (NVD vendor/product: Nltk/Nltk). Its CVSS base score is 7.5 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE is ranked at the 22.7th percentile by exploit likelihood (below the median), it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.
This vulnerability is AI-related and is categorised as NLP Libraries.
Threat & Defense Details
Likely Mitigating Controls [AI-generated]
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
Validates pathnames and filenames to prevent traversal outside intended directories.
MITRE ATT&CK Enterprise Techniques [AI-generated]
Why these techniques?
Path traversal in a public-facing NLTK deployment enables remote exploitation (T1190) and direct unauthorized file reads, including of credentials (T1005 Data from Local System, T1552.001 Credentials In Files).
NVD Description
A vulnerability in NLTK versions up to and including 3.9.2 allows arbitrary file read via path traversal in multiple CorpusReader classes, including WordListCorpusReader, TaggedCorpusReader, and BracketParseCorpusReader. These classes fail to properly sanitize or validate file paths, enabling attackers to traverse directories and access sensitive files on the server. This issue is particularly critical in scenarios where user-controlled file inputs are processed, such as in machine learning APIs, chatbots, or NLP pipelines. Exploitation of this vulnerability can lead to unauthorized access to sensitive files, including system files, SSH private keys, and API tokens, and may potentially escalate to remote code execution when combined with other vulnerabilities.
Deeper analysis [AI-generated]
CVE-2026-0847 is a path traversal vulnerability (CWE-22) in NLTK versions up to and including 3.9.2. It affects multiple CorpusReader classes, including WordListCorpusReader, TaggedCorpusReader, and BracketParseCorpusReader, which fail to properly sanitize or validate file paths. This enables attackers to traverse directories and access arbitrary files on the server where NLTK is deployed.
Remote unauthenticated attackers can exploit this vulnerability with low complexity, as indicated by its CVSS v3.1 score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). Exploitation requires scenarios where user-controlled inputs are processed as file paths, such as in machine learning APIs, chatbots, or NLP pipelines. Successful attacks allow unauthorized reads of sensitive files, including system files, SSH private keys, and API tokens, and may escalate to remote code execution when combined with other vulnerabilities.
Mitigation details are available in the Huntr advisory at https://huntr.com/bounties/fc69914f-36a9-4c18-8503-10013b39f966.
This vulnerability is particularly critical for AI/ML and NLP applications relying on NLTK for corpus processing.
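The mitigating control listed above ("validates pathnames and filenames to prevent traversal outside intended directories") is the generic defense for the weakness described in this analysis: a corpus reader that takes a root directory plus a caller-supplied file id must refuse any id whose resolved path leaves the root. The following is an added illustration and is not NLTK's code, nor the fix referenced in the Huntr advisory; the helper names (`resolve_within_root`, `read_wordlist`, `check_fileids`, `demo`) and the root-plus-file-id reader model are assumptions made for the example. It builds a constructed corpus in a temporary directory and shows that relative `..` ids, absolute paths and symlinks pointing outside the root are all rejected, while an ordinary corpus file is read normally.

```python
import os
import tempfile


class UnsafePathError(ValueError):
    """Raised when a requested file id would resolve outside the corpus root."""


def resolve_within_root(root: str, fileid: str) -> str:
    """Resolve `fileid` relative to `root` and refuse anything that escapes it.

    Hypothetical helper (not NLTK's API). The containment test is done on the
    fully resolved path, so '..' segments, absolute ids and symlinks that point
    outside the root are all treated the same way: rejected.
    """
    if not fileid or "\x00" in fileid:
        raise UnsafePathError("empty or NUL-containing file id")
    real_root = os.path.realpath(root)
    # os.path.join discards real_root when fileid is absolute, which is why the
    # containment check below is applied rather than trusting the join.
    candidate = os.path.realpath(os.path.join(real_root, fileid))
    try:
        contained = os.path.commonpath([real_root, candidate]) == real_root
    except ValueError:  # e.g. different drives on Windows: cannot be inside root
        contained = False
    if not contained:
        raise UnsafePathError(f"file id {fileid!r} escapes the corpus root")
    return candidate


def read_wordlist(root: str, fileid: str) -> list[str]:
    """Example reader: one word per line from a validated corpus file."""
    path = resolve_within_root(root, fileid)
    with open(path, encoding="utf-8") as fh:
        return [line.strip() for line in fh if line.strip()]


def check_fileids(root: str, fileids: list[str]) -> dict[str, bool]:
    """Return, for each candidate file id, whether the containment check accepts it."""
    results = {}
    for fid in fileids:
        try:
            resolve_within_root(root, fid)
            results[fid] = True
        except UnsafePathError:
            results[fid] = False
    return results


def demo() -> dict:
    """Build a constructed corpus root in a temp dir and exercise the check."""
    with tempfile.TemporaryDirectory() as tmp:
        root = os.path.join(tmp, "corpus")
        os.makedirs(root)
        with open(os.path.join(root, "stopwords.txt"), "w", encoding="utf-8") as fh:
            fh.write("the\nand\nof\n")  # constructed sample corpus file
        # A constructed file outside the root, plus a symlink inside the root
        # that points at it (the symlink case is skipped where unsupported).
        outside = os.path.join(tmp, "outside.txt")
        with open(outside, "w", encoding="utf-8") as fh:
            fh.write("not-a-corpus-file\n")
        candidates = ["stopwords.txt", "../outside.txt", outside]
        try:
            os.symlink(outside, os.path.join(root, "link.txt"))
            candidates.append("link.txt")
        except OSError:
            pass
        accepted = check_fileids(root, candidates)
        words = read_wordlist(root, "stopwords.txt")
        return {"accepted": accepted, "words": words, "outside": outside}


if __name__ == "__main__":
    for fid, ok in demo()["accepted"].items():
        print(f"{'accept' if ok else 'reject'}: {fid}")
```

The check compares resolved paths with `os.path.commonpath` rather than testing a string prefix, so a sibling directory such as `corpus-private` next to `corpus` is not mistaken for a child of the root; resolving with `realpath` before comparing is what makes the symlink case fail closed.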
Details
- CWE(s)
Affected Products
AI Security Analysis [AI-generated]
- AI Category: NLP Libraries
- Risk Domain: N/A
- OWASP Top 10 for LLMs 2025: None mapped
- Classification Reason: Matched keywords: machine learning