CVE-2026-33230: Nltk Lexical Path Validation Symlink Bypass
Lexical path checks without resolution permit path traversal via symbolic links. An attacker can embed a symlink in a corpus archive pointing out of bounds, bypassing sandbox checks and reading arbitrary files. Use resolved paths and verify they strictly reside under the intended root.
Provally CuratedPublic repositoryHighMedium confidenceVerifiedApache-2.0
Python
Pythongreprules fetch cve-2026-33230-nltk-lexical-path-validation-symlink-bypass --engine opengrepDescription
Lexical path checks without resolution permit path traversal via symbolic links. An attacker can embed a symlink in a corpus archive pointing out of bounds, bypassing sandbox checks and reading arbitrary files. Use resolved paths and verify they strictly reside under the intended root.
Community feedback
0 signals from signed-in users.
- Useful
- 0
- False positive
- 0
- Metadata
- 0