CVE-2026-58198: ChatterBot is a machine learning, conversational dialog engine for creating chat bots. Prior to 1.2.14, UbuntuCorpusTrai
Summary
ChatterBot versions before 1.2.14 have a vulnerability where the UbuntuCorpusTrainer.extract() function uses a predictable directory path (~/ubuntu_data/ubuntu_dialogs) and a check-then-create pattern, allowing a local attacker (someone with access to the same computer) to plant a symlink (a shortcut pointing to another location) at that path and trick the software into writing files to an attacker-controlled directory instead.
Solution / Mitigation
Update to version 1.2.14, where this issue is fixed.
Vulnerability Details
5.5(medium)
EPSS: 0.0%
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
local
low
low
none
July 9, 2026
Classification
Taxonomy References
Affected Vendors
Related Issues
Original source: https://nvd.nist.gov/vuln/detail/CVE-2026-58198
First tracked: July 9, 2026 at 08:10 PM
Classified by LLM (prompt v3) · confidence: 85%