Nltk Nltk vulnerabilities
6 known vulnerabilities affecting nltk/nltk_nltk.
Total CVEs: 6
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 2, HIGH 4
Vulnerabilities
CVE-2026-0846 | HIGH | CVSS 8.6 | CWE-36 | ≥ unspecified, ≤ latest | 2026-03-09
A vulnerability in the `filestring()` function of the `nltk.util` module in nltk version 3.9.2 allows arbitrary file read due to improper validation of input paths. The function directly opens files specified by user input without sanitization, enabling attackers to access sensitive system files by providing absolute paths or traversal paths. This vulner
nvd
CVE-2026-0848 | CRITICAL | CVSS 10.0 | CWE-20 | ≥ unspecified, ≤ latest | 2026-03-05
NLTK versions <=3.9.2 are vulnerable to arbitrary code execution due to improper input validation in the StanfordSegmenter module. The module dynamically loads external Java .jar files without verification or sandboxing. An attacker can supply or replace the JAR file, enabling the execution of arbitrary Java bytecode at import time. This vulnerabilit
nvd
CVE-2026-0847 | HIGH | CVSS 8.6 | CWE-22 | ≥ unspecified, ≤ latest | 2026-03-04
A vulnerability in NLTK versions up to and including 3.9.2 allows arbitrary file read via path traversal in multiple CorpusReader classes, including WordListCorpusReader, TaggedCorpusReader, and BracketParseCorpusReader. These classes fail to properly sanitize or validate file paths, enabling attackers to traverse directories and access sensitive files o
nvd
CVE-2025-14009 | CRITICAL | CVSS 10.0 | CWE-94 | ≥ unspecified, ≤ latest | 2026-02-18
A critical vulnerability exists in the NLTK downloader component of nltk/nltk, affecting all versions. The _unzip_iter function in nltk/downloader.py uses zipfile.extractall() without performing path validation or security checks. This allows attackers to craft malicious zip packages that, when downloaded and extracted by NLTK, can execute arbitrar
nvd
CVE-2021-3842 | HIGH | CVSS 7.5 | CWE-1333 | ≥ unspecified, < 3.6.6 | 2022-01-04
nltk is vulnerable to Inefficient Regular Expression Complexity
nvd
CVE-2021-3828 | HIGH | CVSS 7.5 | CWE-1333 | ≥ unspecified, ≤ 3.6.3 | 2021-09-27
nltk is vulnerable to Inefficient Regular Expression Complexity
nvd