Multiple NLTK Vulnerabilities Discovered in Ubuntu Releases
Severity: High (Score: 70.5)
Sources: Ubuntu, Linuxsecurity
Summary
Recent vulnerabilities in the Natural Language Toolkit (NLTK) have been identified, affecting several Ubuntu LTS versions including 18.04, 20.04, 22.04, 24.04, and 26.04. They include improper file path validation (CVE-2026-0846, CVE-2026-0847) that could lead to information disclosure, and a failure to validate external Java archive files (CVE-2026-0848) that could allow arbitrary code execution. The Ubuntu security notice was issued on May 25, 2026; the issues affect various components of NLTK, including the WordNet browser application, which is susceptible to cross-site scripting and denial of service attacks (CVE-2026-33230, CVE-2026-33231). Users are advised to update their systems to mitigate these risks. The individual CVEs were published between March 4 and March 20, 2026, with proof-of-concept code available for some. The scope of impact is significant given the number of affected Ubuntu versions.

Key Points:
- NLTK vulnerabilities affect multiple Ubuntu LTS versions, risking sensitive data exposure.
- CVE-2026-0848 allows arbitrary code execution via improperly validated Java archive files.
- Users are urged to update to the latest package versions to mitigate these vulnerabilities.
Detailed Analysis
**Impact**

Ubuntu users across multiple LTS releases (14.04 through 26.04) and their derivatives are affected. The vulnerabilities potentially expose sensitive information and enable arbitrary code execution, cross-site scripting, denial of service, and arbitrary file creation or overwriting. Affected sectors include any organization relying on Ubuntu systems with NLTK installed, particularly those using natural language processing tools. The geographic scope is global, given Ubuntu's widespread use.

**Technical Details**

Exploitation involves improper validation of file paths in the nltk.util module and CorpusReader classes (CVE-2026-0846, CVE-2026-0847); unsafe handling of external Java archives in StanfordSegmenter, allowing arbitrary code execution (CVE-2026-0848); and vulnerabilities in the WordNet browser enabling cross-site scripting (CVE-2026-33230), denial of service via unrestricted access to the shutdown endpoint (CVE-2026-33231), and arbitrary file creation through unvalidated remote XML index files (CVE-2026-33236). Attackers could leverage these issues during the initial access and execution stages of the kill chain. No specific malware or IOCs were reported.

**Recommended Response**

Apply the updated NLTK packages provided for each Ubuntu LTS release as soon as possible, available via Ubuntu Pro or standard updates (e.g., python3-nltk 3.9.2-1ubuntu0.1~esm2 for 26.04 LTS). Monitor for unusual file access patterns, unauthorized code execution attempts, and unexpected network activity related to NLTK components. Harden configurations by restricting access to the WordNet browser shutdown endpoint and validate all external inputs where feasible.
Source articles (2)
- USN-8302-1: NLTK vulnerabilities — Ubuntu · 2026-05-25
  It was discovered that NLTK incorrectly validated file paths when opening files using the nltk.util module. An attacker could possibly use this issue to obtain sensitive information. (CVE-2026-0846)…
- Ubuntu 26.04 NLTK Faces Significant Issues in 2026 — Linuxsecurity · 2026-05-25
  A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 26.04 LTS, Ubuntu 24.04 LTS, Ubuntu 22.04 LTS, Ubuntu 20.04 LTS, Ubuntu 18.04 LTS, Ubuntu 16.04 LTS, Ubuntu 14.04…
Timeline
- 2026-03-04 — CVE-2026-0847 published: NLTK's improper file path validation could lead to sensitive information exposure.
- 2026-03-05 — CVE-2026-0848 published: NLTK fails to validate external Java archive files, risking arbitrary code execution.
- 2026-03-09 — CVE-2026-0846 published: Improper file path validation in nltk.util could expose sensitive information.
- 2026-03-20 — CVE-2026-33230 published: Cross-site scripting vulnerability in NLTK's WordNet browser application identified.
- 2026-03-20 — CVE-2026-33236 published: Arbitrary file creation or overwriting in NLTK through unvalidated remote XML index files.
- 2026-03-20 — CVE-2026-33231 published: Denial of service via unrestricted access to the WordNet browser shutdown endpoint.
- 2026-05-25 — Security notice published: Ubuntu issued USN-8302-1 detailing multiple vulnerabilities in NLTK.
Related entities
- Data Breach (Attack Type)
- DDoS (Attack Type)
- XSS (Vulnerability)
- CWE-200 - Exposure of Sensitive Information (CWE)
- CWE-22 - Path Traversal (CWE)
- CWE-79 - Cross-Site Scripting (XSS) (CWE)
- T1203 - Exploitation for Client Execution (MITRE ATT&CK)
- Linux (Platform)
- Ubuntu (Company)