A vulnerability categorized as critical has been discovered in NLTK up to 3.9.4. Affected by this issue is the function
url2pathname of the file nltk/data.py. The manipulation results in path traversal.
This vulnerability is known as CVE-2026-12243. It is possible to launch the attack remotely. No exploit is available.