CVE-2026-12243
Python Schwachstellenanalyse und -minderung

Überblick

CVE-2026-12243 is a path traversal vulnerability in NLTK (Natural Language Toolkit) version 3.9.4 that allows unauthenticated remote attackers to read arbitrary files accessible to the Python process. The flaw stems from an incomplete fix for GitHub Issue #3504, where the _UNSAFE_NO_PROTOCOL_RE regex in nltk/data.py fails to account for percent-encoded traversal sequences (e.g., ..%2f). It was published on June 30, 2026, and carries a CVSS v3.0 base score of 7.5 (High) (GitHub Advisory, Red Hat Bugzilla).

Technische Details

The root cause is CWE-22 (Improper Limitation of a Pathname to a Restricted Directory). The _UNSAFE_NO_PROTOCOL_RE regex in nltk/data.py validates resource names by checking for literal ../ sequences, but the url2pathname() function decodes percent-encoded sequences (e.g., ..%2f../) after this validation step, allowing the check to be trivially bypassed. An attacker who can control the resource name parameter passed to nltk.data.load() or nltk.data.find() — for example, via a web API or CLI input — can supply a crafted percent-encoded path to traverse outside the intended directory. The default pathsec.ENFORCE=False configuration further exacerbates the issue by not blocking the file read at the open() stage (GitHub Advisory, Huntr Bounty).

Aufprall

Successful exploitation allows an unauthenticated network attacker to read arbitrary files accessible to the Python process running NLTK, resulting in a high confidentiality impact with no integrity or availability impact. Sensitive files such as application configuration files, credentials, private keys, or system files (e.g., /etc/passwd) could be exfiltrated depending on the process's file system permissions. Affected application types include NLP web applications, Jupyter notebooks, and CLI tools that pass user-controlled input to NLTK resource loading functions (GitHub Advisory, Red Hat Bugzilla).

Ausnutzungsschritte

  1. Identify a vulnerable target: Find an application that exposes NLTK resource loading functionality (e.g., an NLP web API, Jupyter notebook, or CLI tool) and accepts user-controlled input passed to nltk.data.load() or nltk.data.find(), running NLTK version 3.9.4.
  2. Craft a percent-encoded path traversal payload: Instead of using a literal ../ sequence (which would be caught by the regex), construct a resource name using percent-encoded traversal, e.g., ..%2f..%2f..%2fetc%2fpasswd.
  3. Submit the payload: Pass the crafted resource name to the vulnerable application endpoint or function call. The _UNSAFE_NO_PROTOCOL_RE regex validation passes because it only checks for literal ../.
  4. Trigger decoding and file read: The url2pathname() function decodes %2f to / after validation, resolving the path to an arbitrary file outside the intended directory. With pathsec.ENFORCE=False (the default), no additional blocking occurs at the open() stage.
  5. Retrieve file contents: The contents of the targeted file (e.g., /etc/passwd, application config files, or secrets) are returned to the attacker via the application's response (Huntr Bounty, GitHub Advisory).

Indikatoren für Kompromittierung

  • Network: Unusual or unexpected HTTP requests to NLP application endpoints containing percent-encoded sequences such as %2f, %2F, %2e, or %2E in resource name parameters; requests referencing system paths like etc, passwd, shadow, or application config directories.
  • Logs: Application logs showing calls to nltk.data.load() or nltk.data.find() with resource names containing ..%2f, ..%2F, or other encoded traversal patterns; Python exception traces related to unexpected file paths in NLTK data loading.
  • File System: Evidence of access to files outside the NLTK data directory (e.g., /etc/passwd, SSH keys, application .env files) in OS-level file access audit logs (e.g., auditd records).
  • Process: Python process accessing files in unexpected directories not associated with NLTK data storage (GitHub Advisory, Red Hat Bugzilla).

Risikominderung und Problemumgehungen

Upgrade NLTK to a patched version that properly validates percent-encoded path traversal sequences (check the GitHub Advisory for the specific fixed version once published). As an immediate workaround, set pathsec.ENFORCE=True in your NLTK configuration to add an additional blocking layer at the open() stage. Additionally, restrict the resource names that can be passed to nltk.data.load() and nltk.data.find() to a strict allowlist of expected values, and avoid passing unsanitized user input directly to these functions (GitHub Advisory, Red Hat Bugzilla).

Reaktionen der Community

The vulnerability was reported through the Huntr bug bounty platform and assigned a high severity rating. Red Hat opened a tracking bug (BZ#2494748) with high priority, indicating concern for downstream distributions that package NLTK. Social media activity was observed on Bluesky and Mastodon/infosec.exchange shortly after disclosure, with automated CVE tracking accounts amplifying the advisory (Red Hat Bugzilla, GitHub Advisory).

Zusätzliche Ressourcen


QuelleDieser Bericht wurde mithilfe von KI erstellt

Verwandt Python Schwachstellen:

CVE-Kennung

Strenge

Punktzahl

Technologieen

Name der Komponente

CISA KEV-Exploit

Hat fix

Veröffentlichungsdatum

CVE-2026-57585HIGH7.5
  • Python logoPython
  • python-pip
NeinJaJun 30, 2026
CVE-2026-12243HIGH7.5
  • Python logoPython
  • nltk
NeinNeinJun 30, 2026
CVE-2026-49986HIGH7.1
  • Python logoPython
  • neuro-cortex-memory
NeinJaJul 01, 2026
CVE-2026-57204MEDIUM6.9
  • Python logoPython
  • pypdf
NeinJaJun 30, 2026
GHSA-75mw-h36v-2jv7MEDIUM6.1
  • Python logoPython
  • dosage
NeinJaJun 26, 2026

Kostenlose Schwachstellenbewertung

Benchmarking Ihrer Cloud-Sicherheitslage

Bewerten Sie Ihre Cloud-Sicherheitspraktiken in 9 Sicherheitsbereichen, um Ihr Risikoniveau zu bewerten und Lücken in Ihren Abwehrmaßnahmen zu identifizieren.

Bewertung anfordern

Eine personalisierte Demo anfordern

Sind Sie bereit, Wiz in Aktion zu sehen?

"Die beste Benutzererfahrung, die ich je gesehen habe, bietet vollständige Transparenz für Cloud-Workloads."
David EstlickCISO
"„Wiz bietet eine zentrale Oberfläche, um zu sehen, was in unseren Cloud-Umgebungen vor sich geht.“ "
Adam FletcherSicherheitsbeauftragter
"„Wir wissen, dass, wenn Wiz etwas als kritisch identifiziert, es auch wirklich kritisch ist.“"
Greg PoniatowskiLeiter Bedrohungs- und Schwachstellenmanagement