{"data":{"id":"57a53f63-8ad3-43c9-ba15-5f99f20dea91","title":"CVE-2026-58198: ChatterBot is a machine learning, conversational dialog engine for creating chat bots. Prior to 1.2.14, UbuntuCorpusTrai","summary":"ChatterBot versions before 1.2.14 have a vulnerability where the UbuntuCorpusTrainer.extract() function uses a predictable directory path (~/ubuntu_data/ubuntu_dialogs) and a check-then-create pattern, allowing a local attacker (someone with access to the same computer) to plant a symlink (a shortcut pointing to another location) at that path and trick the software into writing files to an attacker-controlled directory instead.","solution":"Update to version 1.2.14, where this issue is fixed.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2026-58198","publishedAt":"2026-07-09T19:17:06.933Z","cveId":"CVE-2026-58198","cweIds":["CWE-59","CWE-367"],"cvssScore":"5.5","cvssSeverity":"medium","severity":"medium","attackType":["supply_chain"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":["HuggingFace"],"affectedVendorsRaw":["ChatterBot"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","attackVector":"local","attackComplexity":"low","privilegesRequired":"low","userInteraction":"none","exploitMaturity":"unknown","epssScore":0,"patchAvailable":null,"disclosureDate":"2026-07-09T19:17:06.933Z","capecIds":["CAPEC-27"],"crossRefCount":0,"attackSophistication":"moderate","impactType":["integrity","confidentiality"],"aiComponentTargeted":"framework","llmSpecific":false,"classifierConfidence":0.85,"researchCategory":null,"atlasIds":["AML.T0010"]}}