CVE-2026-0846

HIGH

nltk < 3.9.3 - Arbitrary File Read via filestring() Function

Title source: llm

Description

A vulnerability in the `filestring()` function of the `nltk.util` module in nltk version 3.9.2 allows arbitrary file read due to improper validation of input paths. The function directly opens files specified by user input without sanitization, enabling attackers to access sensitive system files by providing absolute paths or traversal paths. This vulnerability can be exploited locally or remotely, particularly in scenarios where the function is used in web APIs or other interfaces that accept user-supplied input.

References (1)

Core 1

Core References

Exploit, Third Party Advisory

https://huntr.com/bounties/007b84f8-418e-4300-99d0-bf504c2f97eb

Scores

CVSS v3 7.5

EPSS 0.0036

EPSS Percentile 27.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable yes

Technical Impact partial

Details

CWE

CWE-36

Status published

Products (3)

nltk/nltk 3.9.2

nltk/nltk/nltk unspecified - latest

pypi/nltk 0 - 3.9.3PyPI

Published Mar 09, 2026

Tracked Since Mar 10, 2026