CVE-2026-0846
Severity: HIGH (CVSS 3.1 base score 7.5; vector from NVD)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Blast Radius
Ecosystem impact: 8 PyPI packages depend on nltk (8 direct, 0 indirect). Ecosystem-wide dependent count for version 3.9.3.
Description (NVD)
A vulnerability in the filestring() function of the nltk.util module in nltk version 3.9.2 allows arbitrary file read due to improper validation of input paths. The function directly opens files specified by user input without sanitization, enabling attackers to access sensitive system files by providing absolute paths or traversal paths. This vulnerability can be exploited locally or remotely, particularly in scenarios where the function is used in web APIs or other interfaces that accept user-supplied input.
Analysis (AI)
Unsafe path handling in NLTK's filestring() function lets an attacker read arbitrary files on affected systems, including the AI/ML pipelines that embed the library, because the supplied path is opened without validation. An unauthenticated attacker can exploit this over the network by supplying directory traversal sequences or absolute paths to reach sensitive data, with particular risk in deployments that expose the function through web APIs. …
Remediation (AI)
Within 24 hours: identify all systems and applications using NLTK 3.9.2 and assess exposure (in particular, any code path that passes user-controlled strings into filestring()); document findings in your vulnerability management system and notify the relevant application owners. Within 7 days: implement compensating controls (disable the filestring() code path if unused, apply WAF rules that block traversal sequences and absolute paths in file-name parameters, run the NLTK process with least privilege so it cannot read sensitive files); upgrade to a patched version as soon as the vendor provides one. …
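The description above gives the mechanism (a user-supplied string is handed to open() as-is) and the remediation calls for compensating controls where an upgrade is not yet possible. The block below is an added example written for this page; it is not NLTK's code and not from the advisory. It places a function that mirrors the described unsafe pattern next to a hardened reader that confines every path to an allow-listed base directory, and runs both against a constructed directory layout. The names filestring_unsafe, filestring_safe, resolve_under and the sample files are assumptions made for the demonstration.

```python
"""Added example (not NLTK's code): the unsanitized open() pattern the
advisory describes, beside a hardened reader that confines every path
to an allow-listed base directory."""
import os
import tempfile


def filestring_unsafe(f):
    # Pattern described in the advisory: whatever string the caller
    # supplies is opened as-is, so "../secret.txt" or "/etc/passwd" is
    # read straight from disk. Mirrors the described behaviour only;
    # it is not a copy of nltk.util.filestring.
    if hasattr(f, "read"):
        return f.read()
    with open(f, encoding="utf-8") as infile:
        return infile.read()


def resolve_under(base_dir, user_path):
    """Return the absolute path for user_path if it stays inside base_dir.

    Raises ValueError otherwise. Absolute inputs are refused outright
    (never joined), and realpath() collapses ".." and follows symlinks,
    so a link inside base_dir that points outside is refused too.
    commonpath() is used instead of a startswith() prefix check, which
    would wrongly accept "/data/corpus2/x" for base "/data/corpus".
    """
    if os.path.isabs(user_path):
        raise ValueError("absolute paths are not allowed: %r" % user_path)
    base_real = os.path.realpath(base_dir)
    candidate = os.path.realpath(os.path.join(base_real, user_path))
    if os.path.commonpath([base_real, candidate]) != base_real:
        raise ValueError("path escapes base directory: %r" % user_path)
    return candidate


def filestring_safe(base_dir, f):
    """Hardened variant: file-like objects pass through unchanged; a string
    must resolve to a location under base_dir before it is opened."""
    if hasattr(f, "read"):
        return f.read()
    if not isinstance(f, str):
        raise ValueError("Must be called with a filename or file-like object")
    with open(resolve_under(base_dir, f), encoding="utf-8") as infile:
        return infile.read()


def demo():
    """Constructed scenario (assumption): a corpus directory holding an
    allowed file and a nested file, plus a secret file one level above."""
    with tempfile.TemporaryDirectory() as root:
        corpus = os.path.join(root, "corpus")
        os.makedirs(os.path.join(corpus, "sub"))
        with open(os.path.join(corpus, "readme.txt"), "w", encoding="utf-8") as fh:
            fh.write("public corpus text")
        with open(os.path.join(corpus, "sub", "notes.txt"), "w", encoding="utf-8") as fh:
            fh.write("nested corpus text")
        secret = os.path.join(root, "secret.txt")
        with open(secret, "w", encoding="utf-8") as fh:
            fh.write("TOP SECRET")

        results = {}
        # Traversal and absolute paths both succeed against the unsafe reader.
        results["unsafe_traversal"] = filestring_unsafe(os.path.join(corpus, "..", "secret.txt"))
        results["unsafe_absolute"] = filestring_unsafe(secret)
        # The hardened reader serves allow-listed files, nested ones included ...
        results["safe_ok"] = filestring_safe(corpus, "readme.txt")
        results["safe_nested_ok"] = filestring_safe(corpus, os.path.join("sub", "notes.txt"))
        # ... and refuses both escape attempts.
        for name, attempt in (("safe_traversal", "../secret.txt"), ("safe_absolute", secret)):
            try:
                filestring_safe(corpus, attempt)
                results[name] = "read"
            except ValueError:
                results[name] = "blocked"
        return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, "->", value)
```

The wrapper is a compensating control of the kind the remediation lists: callers that today pass request data into filestring() are pointed at filestring_safe with a fixed base directory, which removes the traversal and absolute-path cases even before a patched NLTK release is deployed. Rejecting absolute paths before joining matters because os.path.join() discards the base when the second argument is absolute.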
External POC / Exploit Code
GHSA-h8wq-7xc4-p3qx