CVE-2026-33236 in NLTK

Summary

by MITRE • 03/21/2026

NLTK (Natural Language Toolkit) is a suite of open source Python modules, data sets, and tutorials supporting research and development in Natural Language Processing. In versions 3.9.3 and prior, the NLTK downloader does not validate the `subdir` and `id` attributes when processing remote XML index files. Attackers can control a remote XML index server to provide malicious values containing path traversal sequences (such as `../`), which can lead to arbitrary directory creation, arbitrary file creation, and arbitrary file overwrite. Commit 89fe2ec2c6bae6e2e7a46dad65cc34231976ed8a patches the issue.


Analysis

by VulDB Data Team • 03/28/2026

The vulnerability identified as CVE-2026-33236 affects the NLTK (Natural Language Toolkit) Python library, specifically impacting versions 3.9.3 and earlier. This issue resides within the NLTK downloader component that processes remote XML index files to manage package installations and updates. The flaw represents a critical path traversal vulnerability that stems from insufficient validation of metadata attributes within the XML index files. The vulnerability manifests when the downloader fails to properly sanitize the `subdir` and `id` attributes, allowing remote attackers to manipulate these values through a compromised XML index server. This weakness falls under CWE-22 Path Traversal, which is classified as a common vulnerability in software systems that handle file operations and directory navigation.

To exploit this vulnerability, an attacker crafts an XML index file whose `subdir` and `id` attributes contain path traversal sequences such as `../`. When the NLTK downloader processes such an index, it does not validate the resulting paths and instead performs the specified directory creation or file operations with elevated privileges. This can result in arbitrary directory creation in unexpected locations, arbitrary file creation in system directories, and most critically, arbitrary file overwrite operations that could compromise system integrity. The vulnerability is particularly dangerous because it allows attackers to manipulate the NLTK installation process to write files to arbitrary locations on the filesystem, potentially leading to privilege escalation or code execution.

The operational impact of this vulnerability extends beyond simple file manipulation as it represents a significant threat to NLTK users who rely on remote package repositories for updates and installations. Attackers who control a remote XML index server can exploit this vulnerability to install malicious packages, modify existing NLTK components, or inject harmful code into the target system. This threat is particularly concerning for researchers and developers who use NLTK in production environments or security-sensitive applications where the integrity of installed packages is paramount. The vulnerability affects the core functionality of NLTK's package management system and could be leveraged to compromise the entire NLTK ecosystem. The issue aligns with ATT&CK technique T1059 Command and Scripting Interpreter, specifically targeting the installation of malicious packages through compromised package repositories.

The fix for this vulnerability involves a specific commit 89fe2ec2c6bae6e2e7a46dad65cc34231976ed8a that implements proper validation of the `subdir` and `id` attributes within XML index files. This patch ensures that path traversal sequences are properly detected and rejected during the processing of remote XML files, preventing the execution of malicious directory or file operations. The mitigation strategy should include immediate upgrading to NLTK version 3.9.4 or later, which contains the patched code. System administrators should also implement monitoring of NLTK package installations and consider implementing network-level controls to restrict access to untrusted XML index servers. Additionally, organizations should conduct security audits of existing NLTK installations to verify that no malicious packages have been installed through this vulnerability, as the impact could persist even after patching the vulnerable system.
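To make the defect concrete, the following is an added illustration written for this page; it is not NLTK's code and not the fix from the commit cited above. It parses a constructed index in the style of an XML package index, shows the unvalidated path construction the advisory describes next to a validating version that rejects traversal in `subdir` and `id` and confirms the resolved path stays inside the download directory. The index layout, the single-component naming rule and all function names are assumptions.

```python
import os
import re
import xml.etree.ElementTree as ET

# Constructed sample index in the style of an XML package index; not NLTK's
# real index. The second and third entries carry the `../` traversal the
# advisory describes, once in `id` and once in `subdir`.
SAMPLE_INDEX = """<index>
  <package id="punkt" subdir="tokenizers"/>
  <package id="../../outside" subdir="corpora"/>
  <package id="stopwords" subdir="../escape"/>
</index>"""

# Assumption made here: subdir and id are plain single-component names.
# A leading alphanumeric rules out ".", ".." and hidden names outright.
SAFE_COMPONENT = re.compile(r"[A-Za-z0-9][A-Za-z0-9_.-]*")


def unsafe_target(download_dir, subdir, pkg_id):
    """Pre-patch pattern the advisory describes: attributes flow straight into the path."""
    return os.path.join(download_dir, subdir, pkg_id + ".zip")


def escapes_base(download_dir, path):
    """True when the resolved path lands outside the download directory."""
    base = os.path.realpath(download_dir)
    return os.path.commonpath([base, os.path.realpath(path)]) != base


def validate_component(value):
    """Reject separators, dot-led names and any other unexpected characters."""
    if not SAFE_COMPONENT.fullmatch(value):
        raise ValueError(f"unsafe index attribute {value!r}")
    return value


def safe_target(download_dir, subdir, pkg_id):
    """Validate each attribute, then re-check the resolved path as defence in depth."""
    target = os.path.join(download_dir, validate_component(subdir),
                          validate_component(pkg_id) + ".zip")
    if escapes_base(download_dir, target):
        raise ValueError(f"{target!r} escapes {download_dir!r}")
    return target


def plan_downloads(xml_text, download_dir):
    """Split index entries into accepted {id: target} and rejected {id: reason}."""
    accepted, rejected = {}, {}
    for pkg in ET.fromstring(xml_text).iter("package"):
        pkg_id, subdir = pkg.get("id", ""), pkg.get("subdir", "")
        try:
            accepted[pkg_id] = safe_target(download_dir, subdir, pkg_id)
        except ValueError as exc:
            rejected[pkg_id] = str(exc)
    return accepted, rejected
```

Running `plan_downloads(SAMPLE_INDEX, "/tmp/nltk_data")` accepts only `punkt`; the other two entries are rejected before any filesystem operation, whereas `unsafe_target` resolves the second entry to a path outside the download directory.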

Responsible: GitHub M

Reservation: 03/18/2026

Disclosure: 03/21/2026

Moderation: accepted

CPE: ready

EPSS: 0.00022

KEV: no

Activities: very low
