{"data":{"id":"5bc9c5ed-cbf7-4d36-81d0-bd2ec7f1d956","title":"CVE-2026-0847: A vulnerability in NLTK versions up to and including 3.9.2 allows arbitrary file read via path traversal in multiple Cor","summary":"NLTK (a natural language processing library) versions up to 3.9.2 have a vulnerability called path traversal (where an attacker manipulates file paths to access files outside intended directories) in its CorpusReader classes. This allows attackers to read sensitive files on a server when the library processes user-provided file paths, potentially exposing private keys and tokens.","solution":"N/A -- no mitigation discussed in source.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2026-0847","publishedAt":"2026-03-04T19:16:10.683Z","cveId":"CVE-2026-0847","cweIds":["CWE-22"],"cvssScore":null,"cvssSeverity":null,"severity":"high","attackType":["data_extraction"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":["HuggingFace"],"affectedVendorsRaw":["NLTK"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.00249,"patchAvailable":null,"disclosureDate":null,"capecIds":["CAPEC-126"],"crossRefCount":0,"attackSophistication":"moderate","impactType":["confidentiality","integrity"],"aiComponentTargeted":"framework","llmSpecific":false,"classifierConfidence":0.92,"researchCategory":null,"atlasIds":null}}