Home / Vulnerability Intelligence / CVE-2026-0847

CVE-2026-0847 - Vulnerability Analysis

HighCVSS: 8.6

Last Updated: March 5, 2026

NLTK - Path Traversal

Published: March 4, 2026Updated: March 5, 2026Remote Exploitable

Overview

NLTK <= 3.9.2 contains a path traversal vulnerability caused by improper sanitization of file paths in multiple CorpusReader classes, letting attackers read arbitrary files, exploit requires user-controlled file inputs.

Severity & Score

Severity: High

CVSS Score: 8.6

EPSS Score: 18.9%(Probability of exploitation in next 30 days)

Impact

Attackers can read sensitive files, potentially leading to information disclosure and further exploitation.

Mitigation

Update to the latest version beyond 3.9.2.

References

https://huntr.com/bounties/fc69914f-36a9-4c18-8503-10013b39f966

Social Media Activity(1 post)

TheHackerWire

@thehackerwire

Mar 4, 2026

🟠 CVE-2026-0847 - High (8.6) A vulnerability in NLTK versions up to and including 3.9.2 allows arbitrary file read via path traversal in multiple CorpusReader classes, including WordListCorpusReader, TaggedCorpusReader, and BracketParseCorpusReader. These classes fail to prop... 🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-0847/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

View original post

Related Resources

Details

CVE ID: CVE-2026-0847
Severity: High
CVSS Score: 8.6
Type: path_traversal
Status: unconfirmed
EPSS: 18.9%
Social Posts: 1

CWE

CWE-22

CVSS Metrics

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L

EPSS Score

18.9%Probability of exploitation in the next 30 days