Skip to main content

ChatterBot CVE-2026-58198

| EUVDEUVD-2026-42685 MEDIUM
Time-of-check Time-of-use (TOCTOU) Race Condition (CWE-367)
2026-07-09 GitHub_M
5.5
CVSS 3.1 · Vendor: GitHub_M
Share

Severity by source

Vendor (GitHub_M) PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
vuln.today AI
6.1 MEDIUM

Local low-privilege access required (AV:L, PR:L); I:L added over vendor vector because symlink redirect also deposits extracted files into unauthorized directories, constituting a write-anywhere primitive.

3.1 AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
4.0 AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N

Primary rating from Vendor (GitHub_M).

CVSS VectorVendor: GitHub_M

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

2
Patch available
Jul 09, 2026 - 20:01 EUVD
Analysis Generated
Jul 09, 2026 - 19:06 vuln.today

Blast Radius

ecosystem impact
† from your stack dependencies † transitive graph · vuln.today resolves 4-path depth
  • 7 pypi packages depend on chatterbot (6 direct, 1 indirect)

Ecosystem-wide dependent count for version 1.2.14.

DescriptionCVE.org

ChatterBot is a machine learning, conversational dialog engine for creating chat bots. Prior to 1.2.14, UbuntuCorpusTrainer.extract() uses a predictable home-rooted output directory (~/ubuntu_data/ubuntu_dialogs) with a check-then-create pattern followed by tar.extractall(path=self.data_path), allowing a local attacker who pre-plants a symlink at the predictable path to cause archive contents to be written through the symlink to an attacker-chosen directory. This issue is fixed in version 1.2.14.

AnalysisAI

Symlink-based extraction redirect in ChatterBot prior to 1.2.14 enables a local attacker with standard user privileges to cause training corpus archive contents to be written to an attacker-controlled directory by pre-planting a symlink at the predictable path ~/ubuntu_data/ubuntu_dialogs before UbuntuCorpusTrainer.extract() runs. The check-then-create pattern preceding tar.extractall() creates a CWE-367 TOCTOU window that, on shared multi-user systems, allows the attacker to intercept the extraction target without any race if the symlink is planted before the first training run. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Recon
Gain local user account on shared system
Delivery
Identify victim using UbuntuCorpusTrainer
Exploit
Pre-plant symlink at ~/ubuntu_data/ubuntu_dialogs before training run
Install
Victim invokes UbuntuCorpusTrainer.extract()
C2
tar.extractall() follows symlink without validation
Execute
Corpus archive contents written to attacker-chosen directory
Impact
Attacker reads redirected files or leverages write primitive

Vulnerability AssessmentAI

Exploitation Exploitation requires a local attacker with a valid user account on the same multi-user system as the victim. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 3.1 score of 5.5 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N) reflects local exploitation requiring only a standard user account, with low attack complexity given the predictable and stable target path. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario A local attacker on a shared Linux server - such as a shared development host or a university compute cluster - learns that a victim user periodically retrains a ChatterBot model using UbuntuCorpusTrainer. Before the victim's first training run, the attacker creates a symlink at ~/victim_home/ubuntu_data/ubuntu_dialogs (if they have write access to that path) or simply waits for the victim to attempt creation and wins the race, redirecting it to /tmp/attacker_drop or another world-writable location the attacker monitors. …
Remediation Upgrade to ChatterBot version 1.2.14 or later, which resolves the TOCTOU symlink vulnerability in UbuntuCorpusTrainer.extract() via fix commit 82817b5c28bfd43e682b991bcc76e6f780726dbf (PR #2445: https://github.com/gunthercox/ChatterBot/pull/2445). … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-58198 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy