CVE-2026-0846

high Red Hat
CVSS v3 Base Score
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS Score
0.1%
Exploitation probability in 30 days
Top 77% most likely to be exploited
Attack Characteristics
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Confidentiality
High
Integrity
None
Availability
None
Published: March 9, 2026 (66 days ago)
Last Modified: March 9, 2026
Vendor: Red Hat

Description

A flaw was found in the `nltk` component. This vulnerability, specifically within the `filestring()` function of the `nltk.util` module, allows an attacker to perform arbitrary file reads. By providing specially crafted input paths, either absolute or using directory traversal, an attacker can bypass input validation and access sensitive system files. This can be exploited both locally and remotely, particularly when the function processes user-supplied input in applications like web APIs.

CWE

CWE-22

Affected Products

Lightspeed CoreOpenShift LightspeedRed Hat Ansible Automation Platform 2Red Hat OpenShift AI (RHOAI)

References

🔗 bugzilla.redhat.com 🔗 www.cve.org 🔗 nvd.nist.gov 🔗 huntr.com