CVE-2026-0846 - Vulnerability Analysis
HighCVSS: 8.6Last Updated: March 11, 2026
nltk - Path Traversal
Overview
nltk 3.9.2 contains a path traversal caused by improper validation of input paths in the filestring() function of nltk.util, letting attackers read arbitrary files, exploit requires user-supplied input to filestring().
Severity & Score
Impact
Attackers can read arbitrary files, potentially exposing sensitive system information.
Mitigation
Update to the latest version of nltk.
Social Media Activity(2 posts)
π¨ CVE-2026-0846: HIGH severity absolute path traversal in nltk v3.9.2 (filestring()). Remote attackers can read files if user input isnβt sanitized. Patch when available & validate inputs! https://radar.offseq.com/threat/cve-2026-0846-cwe-36-absolute-path-traversal-in-nl-799595df #OffSeq #nltk #vuln #infosec
View original post
π CVE-2026-0846 - High (8.6) A vulnerability in the `filestring()` function of the `nltk.util` module in nltk version 3.9.2 allows arbitrary file read due to improper validation of input paths. The function directly opens files specified by user input without sanitization, en... π https://www.thehackerwire.com/vulnerability/CVE-2026-0846/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
View original postRelated Resources
Details
- CVE ID
- CVE-2026-0846
- Severity
- High
- CVSS Score
- 8.6
- Type
- path_traversal
- Status
- unconfirmed
- EPSS
- 7.7%
- Social Posts
- 2
CWE
- CWE-36
CVSS Metrics
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L