📄 NLTK 3.9.2 Arbitrary File Read / Path Traversal

NLTK versions 3.9.2 and below suffer from an arbitrary file read issue due to a path traversal vulnerability. CVE-2026-0847 — NLTK Multiple CorpusReader Classes: Arbitrary File Read via Path Traversal --- Overview | Field | Details | |---|---| | CVE ID | CVE-2026-0847 | | Package | nltk Natural...

CVE-2026-0847

A flaw was found in NLTK Natural Language Toolkit. This vulnerability allows a remote attacker to read arbitrary files on the server due to improper sanitization of file paths in several CorpusReader classes, including WordListCorpusReader, TaggedCorpusReader, and BracketParseCorpusReader. By...

SUSE CVE-2026-0847

A vulnerability in NLTK versions up to and including 3.9.2 allows arbitrary file read via path traversal in multiple CorpusReader classes, including WordListCorpusReader, TaggedCorpusReader, and BracketParseCorpusReader. These classes fail to properly sanitize or validate file paths, enabling...

EUVD-2026-9475

A vulnerability in NLTK versions up to and including 3.9.2 allows arbitrary file read via path traversal in multiple CorpusReader classes, including WordListCorpusReader, TaggedCorpusReader, and BracketParseCorpusReader. These classes fail to properly sanitize or validate file paths, enabling...

NLTK has a Path Traversal issue

A vulnerability in NLTK versions up to and including 3.9.2 allows arbitrary file read via path traversal in multiple CorpusReader classes, including WordListCorpusReader, TaggedCorpusReader, and BracketParseCorpusReader. These classes fail to properly sanitize or validate file paths, enabling...

PYSEC-2026-98

A vulnerability in NLTK versions up to and including 3.9.2 allows arbitrary file read via path traversal in multiple CorpusReader classes, including WordListCorpusReader, TaggedCorpusReader, and BracketParseCorpusReader. These classes fail to properly sanitize or validate file paths, enabling...

CVE-2026-0847

A vulnerability in NLTK versions up to and including 3.9.2 allows arbitrary file read via path traversal in multiple CorpusReader classes, including WordListCorpusReader, TaggedCorpusReader, and BracketParseCorpusReader. These classes fail to properly sanitize or validate file paths, enabling...

DEBIAN-CVE-2026-0847

A vulnerability in NLTK versions up to and including 3.9.2 allows arbitrary file read via path traversal in multiple CorpusReader classes, including WordListCorpusReader, TaggedCorpusReader, and BracketParseCorpusReader. These classes fail to properly sanitize or validate file paths, enabling...

CVE-2026-0847

A vulnerability in NLTK versions up to and including 3.9.2 allows arbitrary file read via path traversal in multiple CorpusReader classes, including WordListCorpusReader, TaggedCorpusReader, and BracketParseCorpusReader. These classes fail to properly sanitize or validate file paths, enabling...

UBUNTU-CVE-2026-0847

A vulnerability in NLTK versions up to and including 3.9.2 allows arbitrary file read via path traversal in multiple CorpusReader classes, including WordListCorpusReader, TaggedCorpusReader, and BracketParseCorpusReader. These classes fail to properly sanitize or validate file paths, enabling...

CVE-2026-0847 Path Traversal in nltk/nltk

A vulnerability in NLTK versions up to and including 3.9.2 allows arbitrary file read via path traversal in multiple CorpusReader classes, including WordListCorpusReader, TaggedCorpusReader, and BracketParseCorpusReader. These classes fail to properly sanitize or validate file paths, enabling...

CVE-2026-0847 Path Traversal in nltk/nltk

A vulnerability in NLTK versions up to and including 3.9.2 allows arbitrary file read via path traversal in multiple CorpusReader classes, including WordListCorpusReader, TaggedCorpusReader, and BracketParseCorpusReader. These classes fail to properly sanitize or validate file paths, enabling...

CVE-2026-0847

NLTK up to 3.9.2 contains a path traversal vulnerability in CorpusReader classes (WordListCorpusReader, TaggedCorpusReader, BracketParseCorpusReader) that can lead to arbitrary file reads on the server. Root cause is improper sanitization/validation of file paths, enabling access to sensitive fil...

CVE-2026-0847

A vulnerability in NLTK versions up to and including 3.9.2 allows arbitrary file read via path traversal in multiple CorpusReader classes, including WordListCorpusReader, TaggedCorpusReader, and BracketParseCorpusReader. These classes fail to properly sanitize or validate file paths, enabling...

CVE-2026-0847

A vulnerability in NLTK versions up to and including 3.9.2 allows arbitrary file read via path traversal in multiple CorpusReader classes, including WordListCorpusReader, TaggedCorpusReader, and BracketParseCorpusReader. These classes fail to properly sanitize or validate file paths, enabling...

NLTK 路径遍历漏洞

NLTK is an open-source natural language toolkit developed by NLTK. It is used to support research and development in natural language processing. NLTK versions 3.9.2 and earlier contained a path traversal vulnerability. This vulnerability stemmed from multiple CorpusReader classes not properly...

NLTK – Multiple CorpusReader classes allow Arbitrary File Read via Path Traversal

This report is not public...

Arbitrary File Read via FileSystemPathPointer + PlaintextCorpusReader (bypass even if nltk.data.find() is patched

This report is not public...