CVE-2026-33236 - Vulnerability Analysis
HighCVSS: 8.1Last Updated: March 23, 2026
NLTK - Path Traversal
Overview
NLTK <= 3.9.3 contains a path traversal vulnerability caused by improper validation of 'subdir' and 'id' attributes in remote XML index files, letting attackers create or overwrite arbitrary files remotely, exploit requires attacker-controlled XML index server.
Severity & Score
Impact
Attackers can create, overwrite, or modify arbitrary files on the system, potentially leading to code execution or system compromise.
Mitigation
Update to a version including commit 89fe2ec2c6bae6e2e7a46dad65cc34231976ed8a or later.
References
Social Media Activity(1 post)
š CVE-2026-33236 - High (8.1) NLTK (Natural Language Toolkit) is a suite of open source Python modules, data sets, and tutorials supporting research and development in Natural Language Processing. In versions 3.9.3 and prior, the NLTK downloader does not validate the `subdir` ... š https://www.thehackerwire.com/vulnerability/CVE-2026-33236/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
View original postRelated Resources
Details
- CVE ID
- CVE-2026-33236
- Severity
- High
- CVSS Score
- 8.1
- Type
- path_traversal
- Status
- confirmed
- EPSS
- 4.0%
- Social Posts
- 1
CWE
- CWE-22
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H