Ubuntu 24.04 NLTK Critical File Extraction Threat 2026-8214-1
Apr 28, 2026
•
LinuxSecurity Advisories
1 - 2 min read
Topics Covered
NLTK could be made to crash or run programs as your login if it opened a specially crafted zip file.
==========================================================================
Ubuntu Security Notice USN-8214-1
April 28, 2026
nltk vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS
Summary:
NLTK could be made to crash or run programs as your login if it opened a
specially crafted zip file.
Software Description:
- nltk: Natural Language Toolkit
Details:
It was discovered that NLTK incorrectly handled file extraction when
opening a maliciously crafted zip file. An attacker could possibly use this
issue to create or overwrite files on the system and execute arbitrary
code.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 24.04 LTS
python3-nltk 3.8.1-1ubuntu0.1~esm1
Available with Ubuntu Pro
Ubuntu 22.04 LTS
python3-nltk 3.7-1ubuntu0.1~esm1
Available with Ubuntu Pro
Ubuntu 20.04 LTS
python3-nltk 3.4.5-2ubuntu0.1~esm3
Available with Ubuntu Pro
Ubuntu 18.04 LTS
python-nltk 3.2.5-1ubuntu0.1+esm3
Available with Ubuntu Pro
python3-nltk 3.2.5-1ubuntu0.1+esm3
Available with Ubuntu Pro
Ubuntu 16.04 LTS
python-nltk 3.1-1ubuntu0.1+esm3
Available with Ubuntu Pro
python3-nltk 3.1-1ubuntu0.1+esm3
Available with Ubuntu Pro
Ubuntu 14.04 LTS
python-nltk 2.0~b9-0ubuntu4.1~esm5
Available with Ubuntu Pro
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-8214-1
CVE-2025-14009
PREVIOUS
NEXT
Ubuntu 24.04 NLTK Critical File Extraction Threat 2026-8214-1
ubuntu
April 28, 2026
NLTK could be made to crash or run programs as your login if it opened a specially crafted zip file.
Summary
A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 24.04 LTS - Ubuntu 22.04 LTS - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS - Ubuntu 16.04 LTS - Ubuntu 14.04 LTS Summary: NLTK could be made to crash or run programs as your login if it opened a specially crafted zip file. Software Description: - nltk: Natural Language Toolkit Details: It was discovered that NLTK incorrectly handled file extraction when opening a maliciously crafted zip file. An attacker could possibly use this issue to create or overwrite files on the system and execute arbitrary code.
Topics Covered
Update Instructions
The problem can be corrected by updating your system to the following package versions: Ubuntu 24.04 LTS python3-nltk 3.8.1-1ubuntu0.1~esm1 Available with Ubuntu Pro Ubuntu 22.04 LTS python3-nltk 3.7-1ubuntu0.1~esm1 Available with Ubuntu Pro Ubuntu 20.04 LTS python3-nltk 3.4.5-2ubuntu0.1~esm3 Available with Ubuntu Pro Ubuntu 18.04 LTS python-nltk 3.2.5-1ubuntu0.1+esm3 Available with Ubuntu Pro python3-nltk 3.2.5-1ubuntu0.1+esm3 Available with Ubuntu Pro Ubuntu 16.04 LTS python-nltk 3.1-1ubuntu0.1+esm3 Available with Ubuntu Pro python3-nltk 3.1-1ubuntu0.1+esm3 Available with Ubuntu Pro Ubuntu 14.04 LTS python-nltk 2.0~b9-0ubuntu4.1~esm5 Available with Ubuntu Pro In general, a standard system update will make all the necessary changes.
References
https://ubuntu.com/security/notices/USN-8214-1
CVE-2025-14009
Severity
critical
Lowest
Low
Medium
High
Critical
Ubuntu Security Notice USN-8214-1
Topics Covered
Package Information
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!