CVE-2026-33236

A flaw was found in NLTK Natural Language Toolkit, a suite of open-source Python modules for Natural Language Processing. The NLTK downloader does not validate subdir and id attributes when processing remote XML index files. A remote attacker can exploit this path traversal vulnerability by...

GHSA-469J-VMHF-R6V7 NLTK has a Downloader Path Traversal Vulnerability (AFO) - Arbitrary File Overwrite

Vulnerability Description The NLTK downloader does not validate the subdir and id attributes when processing remote XML index files. Attackers can control a remote XML index server to provide malicious values containing path traversal sequences such as ../, which can lead to: 1. Arbitrary Directo...

NLTK has a Downloader Path Traversal Vulnerability (AFO) - Arbitrary File Overwrite

Vulnerability Description The NLTK downloader does not validate the subdir and id attributes when processing remote XML index files. Attackers can control a remote XML index server to provide malicious values containing path traversal sequences such as ../, which can lead to: 1. Arbitrary Directo...

PT-2026-26300

Name of the Vulnerable Software and Affected Versions NLTK versions 3.9.3 and prior Description NLTK Natural Language Toolkit is a suite of open source Python modules, data sets, and tutorials supporting research and development in Natural Language Processing. The NLTK downloader does not validat...