CVE-2026-0847
📋 TL;DR
This vulnerability in NLTK allows an attacker to read arbitrary files on the server through path traversal in multiple CorpusReader classes: a user-supplied file identifier containing sequences such as ../ is resolved outside the intended corpus directory. Any deployment on a vulnerable NLTK version that passes user-controlled file names into these readers is exposed, for example machine learning APIs, chatbots, or NLP pipelines that accept uploaded or named corpus files.
💻 Affected Systems
- Natural Language Toolkit (NLTK)
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete server compromise through reading SSH private keys, API tokens, or configuration files, potentially leading to remote code execution when combined with other vulnerabilities.
Likely Case
Unauthorized access to sensitive files including application source code, configuration files, and credentials stored on the server.
If Mitigated
Limited impact with proper input validation and file access restrictions in place.
🎯 Exploit Status
Exploitation requires that an attacker control input (for example a file identifier taken from a request) that reaches a vulnerable CorpusReader method. The issue is documented in the public huntr bounty report linked below.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 3.9.3 or later
Vendor Advisory: https://huntr.com/bounties/fc69914f-36a9-4c18-8503-10013b39f966
Restart Required: Yes for long-running Python processes; an interpreter that has already imported nltk keeps the old code until it is restarted.
Instructions:
1. Upgrade NLTK to version 3.9.3 or later with pip (quote the specifier so the shell does not treat > as a redirect): pip install --upgrade "nltk>=3.9.3"
2. Confirm the installed version reports 3.9.3 or later (see How to Verify below) and restart any service that had imported the old version
3. Exercise the code paths that use CorpusReader classes to confirm compatibility
🔧 Temporary Workarounds
Input Validation Wrapper
(all platforms) Validate every user-controlled file identifier before it reaches a CorpusReader: reject absolute paths and ".." segments, then resolve the joined path and confirm it still lies inside the corpus root.
File Access Restrictions
(Linux) Run NLTK in a restricted environment with minimal file-system access, for example a chroot or a read-only container that mounts only the corpus directory:
chroot /safe/path
docker run --read-only -v /safe/data:/data:ro nltk-app
chroot needs root and a populated tree; either option limits what a traversal can reach but does not replace the upgrade.
🧯 If You Can't Patch
- Implement strict input validation for all user-controlled file paths
- Run NLTK in a containerized environment with minimal file system access
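The input-validation wrapper mentioned under Temporary Workarounds and again under If You Can't Patch, written out as an added example. This is not NLTK's code or its upstream fix; it is a stdlib-only check whose names (safe_corpus_path, CorpusPathError, demo) are this example's own, and the throwaway corpus it builds is constructed sample data. A fileid that passes is then handed to the reader as usual, e.g. PlaintextCorpusReader(root, [fileid]).

```python
"""Path-containment wrapper for user-controlled CorpusReader inputs.

Added example, not NLTK's code or its upstream fix.  Stdlib-only; the
names safe_corpus_path and CorpusPathError are this example's own.
"""
import os
import tempfile
from typing import Dict


class CorpusPathError(ValueError):
    """Raised when a requested fileid would escape the corpus root."""


def safe_corpus_path(root: str, fileid: str) -> str:
    """Return the resolved path for fileid only if it stays inside root.

    Two layers: a lexical check that rejects NUL bytes, absolute paths and
    '..' segments (os.path.join(root, '/etc/passwd') silently discards
    root, so absolute input must be refused explicitly), then a realpath
    containment check that also catches symlinks pointing out of the tree.
    """
    if "\x00" in fileid:
        raise CorpusPathError("NUL byte in fileid")
    if os.path.isabs(fileid) or fileid[:1] in ("/", "\\"):
        raise CorpusPathError(f"absolute fileid rejected: {fileid!r}")
    # Fold backslashes so a Windows-style '..\\' is caught on POSIX as well.
    if ".." in fileid.replace("\\", "/").split("/"):
        raise CorpusPathError(f"parent-directory segment in fileid: {fileid!r}")

    real_root = os.path.realpath(root)
    candidate = os.path.realpath(os.path.join(real_root, fileid))
    try:
        inside = os.path.commonpath([real_root, candidate]) == real_root
    except ValueError:  # different drives on Windows: no common prefix
        inside = False
    if not inside:
        raise CorpusPathError(f"fileid resolves outside corpus root: {fileid!r}")
    return candidate


def demo() -> Dict[str, str]:
    """Exercise the wrapper on a throwaway corpus (constructed sample data).

    Returns {fileid: 'allowed:<relative path>' or 'blocked'}.  The symlink
    named 'escape' contains no '..' and is caught only by the realpath layer.
    """
    results: Dict[str, str] = {}
    with tempfile.TemporaryDirectory() as tmp:
        root = os.path.join(tmp, "corpus")
        os.makedirs(os.path.join(root, "sub"))
        with open(os.path.join(root, "sub", "doc1.txt"), "w") as fh:
            fh.write("constructed sample corpus text\n")
        secret = os.path.join(tmp, "secret.txt")  # stands in for /etc/passwd
        with open(secret, "w") as fh:
            fh.write("must not be reachable through the corpus\n")
        try:
            os.symlink(secret, os.path.join(root, "escape"))
        except OSError:
            pass  # no symlink support (e.g. unprivileged Windows)

        real_root = os.path.realpath(root)
        probes = [
            "sub/doc1.txt",             # legitimate
            "../secret.txt",            # classic traversal
            "sub/../../secret.txt",     # traversal behind a valid prefix
            "sub\\..\\..\\secret.txt",  # backslash variant
            "/etc/passwd",              # absolute: os.path.join would drop root
            "sub/doc1.txt\x00.jpg",     # NUL truncation
            "escape",                   # symlink out of the tree
        ]
        for fileid in probes:
            try:
                path = safe_corpus_path(root, fileid)
                results[fileid] = "allowed:" + os.path.relpath(path, real_root)
            except CorpusPathError:
                results[fileid] = "blocked"
    return results


if __name__ == "__main__":
    for fileid, outcome in demo().items():
        print(f"{fileid!r:30} -> {outcome}")
```

The lexical layer gives a clear error message for the common cases; the realpath layer is what actually holds the line, since it also rejects symlinks and any encoding the lexical check did not anticipate. Apply the same check to a user-controlled root argument, which is just as capable of pointing at /.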
🔍 How to Verify
Check if Vulnerable:
Report the NLTK version, then review code for places where user-controlled input (request parameters, uploaded file names) reaches a CorpusReader root or fileid argument
Check Version:
python -c "import nltk; print(nltk.__version__)"
Verify Fix Applied:
Confirm nltk.__version__ reports 3.9.3 or later, then send a fileid such as ../../etc/passwd through the affected code path and confirm it is rejected rather than read
📡 Detection & Monitoring
Log Indicators:
- File reads by NLTK processes outside the configured corpus directory (for example /etc, /root, or application config paths)
- Traversal sequences in logged inputs: ../ or ..\, and percent-encoded forms such as %2e%2e%2f or double-encoded %252e%252e
Network Indicators:
- Repeated requests from a single source carrying traversal sequences in parameters that feed file names
SIEM Query:
source="application.log" AND "CorpusReader" AND ("../" OR "..\\" OR "%2e%2e" OR "/etc/" OR "/root/")
A bare ".." term also matches benign names such as ..hidden; match the separator-bounded forms above, and decode percent-encoding before filtering where your SIEM supports it.
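The detection logic behind the indicators above, run over a few constructed log lines, as an added example that is not part of the page or of NLTK. The log layout (timestamp, level, reader class, fileid=..., src=...) and the addresses are made up for this example; adapt the two field regexes to your own format. Unlike a bare ".." string match it flags ".." only as a whole path segment, after percent-decoding, so names like "..hidden" do not fire.

```python
"""Traversal-attempt detector over application logs (added example)."""
import re
from collections import Counter
from typing import Dict, List, Optional, Tuple
from urllib.parse import unquote

# '..' bounded by a separator or string edge, after backslashes are folded to '/'
DOTDOT_SEGMENT = re.compile(r"(^|/)\.\.(/|$)")
FILEID_FIELD = re.compile(r"\bfileid=(\S+)")  # constructed log field names
SRC_FIELD = re.compile(r"\bsrc=(\S+)")


def normalise(value: str, max_rounds: int = 3) -> str:
    """Percent-decode until stable (double encoding such as %252e is a
    common filter evasion) and fold backslashes so Windows-style
    traversal is matched by the same regex."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value.replace("\\", "/")


def classify(line: str) -> Optional[str]:
    """Return why a line looks like a traversal attempt, or None."""
    if "CorpusReader" not in line:
        return None
    m = FILEID_FIELD.search(line)
    if not m:
        return None
    fileid = normalise(m.group(1))
    if DOTDOT_SEGMENT.search(fileid):
        return "dot-dot segment"
    if fileid.startswith("/"):
        return "absolute path"
    return None


def scan(lines: List[str]) -> List[Tuple[str, str]]:
    """Return (source, reason) for every suspicious line."""
    hits = []
    for line in lines:
        reason = classify(line)
        if reason:
            src = SRC_FIELD.search(line)
            hits.append((src.group(1) if src else "unknown", reason))
    return hits


def noisy_sources(hits: List[Tuple[str, str]], threshold: int = 3) -> Dict[str, int]:
    """Sources with at least `threshold` suspicious lines: the
    'multiple attempts from a single source' indicator."""
    counts = Counter(src for src, _ in hits)
    return {src: n for src, n in counts.items() if n >= threshold}


# Constructed sample log; 203.0.113.7 is a documentation address.
SAMPLE_LOG = [
    "2026-01-10T12:00:01Z INFO PlaintextCorpusReader fileid=reviews/pos/doc42.txt src=10.0.0.5",
    "2026-01-10T12:00:02Z INFO PlaintextCorpusReader fileid=../../../../etc/passwd src=203.0.113.7",
    "2026-01-10T12:00:03Z INFO PlaintextCorpusReader fileid=%2e%2e%2f%2e%2e%2fetc%2fshadow src=203.0.113.7",
    "2026-01-10T12:00:04Z INFO PlaintextCorpusReader fileid=%252e%252e%252froot%252f.ssh%252fid_rsa src=203.0.113.7",
    "2026-01-10T12:00:05Z INFO PlaintextCorpusReader fileid=/etc/hostname src=203.0.113.7",
    "2026-01-10T12:00:06Z INFO PlaintextCorpusReader fileid=notes/..hidden/readme.txt src=10.0.0.5",
    "2026-01-10T12:00:07Z INFO WordPunctTokenizer input=a..b src=10.0.0.9",
]

if __name__ == "__main__":
    found = scan(SAMPLE_LOG)
    for src, reason in found:
        print(f"{src:15} {reason}")
    print("sources over threshold:", noisy_sources(found))
```

Of the seven constructed lines, four are flagged and all come from 203.0.113.7, which is what the per-source count is for; the benign ..hidden name and the tokenizer line are left alone.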