8.6
CVE-2026-0846
- EPSS 0.43%
- Veröffentlicht 09.03.2026 19:19:09
- Zuletzt bearbeitet 30.06.2026 03:17:03
- CVE-Watchlists
- Unerledigt
Arbitrary File Read via Absolute Path Input in nltk.util.filestring()
A vulnerability in the `filestring()` function of the `nltk.util` module in nltk version 3.9.2 allows arbitrary file read due to improper validation of input paths. The function directly opens files specified by user input without sanitization, enabling attackers to access sensitive system files by providing absolute paths or traversal paths. This vulnerability can be exploited locally or remotely, particularly in scenarios where the function is used in web APIs or other interfaces that accept user-supplied input.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.43% | 0.343 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
| 0b0ca135-0b70-47e7-9f44-1890c2a1c46c | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
| security@huntr.dev | 8.6 | 3.9 | 4.7 |
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
|
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
CWE-36 Absolute Path Traversal
The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize absolute path sequences such as "/abs/path" that can resolve to a location that is outside of that directory.
https://huntr.com/bounties/007b84f8-418e-4300-99d0-bf504c2f97eb
https://access.redhat.com/errata/RHSA-2026:10184
https://access.redhat.com/errata/RHSA-2026:19712
https://access.redhat.com/security/cve/CVE-2026-0846
https://bugzilla.redhat.com/show_bug.cgi?id=2445826
https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-0846.json