GHSA-wvrh-2f4m-924v: Symlink-Following Arbitrary File Write in ChatterBot UbuntuCorpusTrainer
Vulnerability ID: GHSA-WVRH-2F4M-924V
CVSS Score: 5.5
Published: 2026-06-19
An insecure file extraction vulnerability exists in the UbuntuCorpusTrainer component of the ChatterBot package. Due to a combination of a predictable download path, a check-then-create directory pattern, and unvalidated symbolic link resolution during archive extraction, local attackers can write arbitrary files to restricted filesystem paths.
TL;DR
The UbuntuCorpusTrainer component in ChatterBot is vulnerable to a local symlink-following attack that allows arbitrary file writes. Attackers can pre-plant symbolic links in predictable paths to redirect archive extraction, potentially overwriting critical user files or system configurations.
⚠️ Exploit Status: POC
Technical Details
- CWE ID: CWE-59: Improper Link Resolution Before File Access
- Attack Vector: Local (AV:L)
- CVSS v3.1 Score: 5.5 (Medium)
- Exploit Status: Proof of Concept Publicly Available
- CISA KEV Status: Not Listed
- Impact: Arbitrary File Write / Local Privilege Escalation
Affected Systems
- Systems running chatterbot versions <= 1.2.13
- Local multi-user environments executing machine learning training pipelines using UbuntuCorpusTrainer
- chatterbot: <= 1.2.13 (Fixed in: 1.2.14)
Exploit Details
- GitHub Security Advisory: Advisory containing the full, reproducible proof-of-concept Python script for the UbuntuCorpusTrainer symlink bypass.
Mitigation Strategies
- Upgrade chatterbot to version 1.2.14 or later.
- In any custom wrapper around the trainer, validate with os.path.realpath that the resolved extraction destination stays inside the intended directory before writing to it.
- Restrict permissions on the application execution workspace to prevent local users from creating arbitrary symbolic links.
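The realpath-based validation recommended above, as an added defender-side example that is not ChatterBot's own code: it creates the extraction directory and only then checks that it is not a symbolic link (closing the check-then-create gap), rejects link members inside the archive, resolves every member's destination with os.path.realpath and refuses anything that lands outside the extraction root, and opens output files with O_NOFOLLOW so a link swapped in at the last moment is not followed. The archive format (tar), the constructed sample contents (a dialogs/ subdirectory with one file) and the temporary directory layout are assumptions; the page does not show how the trainer downloads or unpacks its corpus.

```python
import io
import os
import tarfile
import tempfile
from pathlib import Path

# O_NOFOLLOW is absent on Windows; there the realpath check is the only guard.
O_NOFOLLOW = getattr(os, "O_NOFOLLOW", 0)


def ensure_private_dir(path: str) -> str:
    """Create `path` if needed, then refuse it if it is a symbolic link.

    Checking link status after the mkdir attempt (not before) means we validate
    whatever actually sits at `path`, not what was there a moment earlier.
    Returns the fully resolved directory path used as the extraction root.
    """
    os.makedirs(path, mode=0o700, exist_ok=True)
    if os.path.islink(path):
        raise RuntimeError(f"refusing to use symlinked directory: {path}")
    real = os.path.realpath(path)
    if not os.path.isdir(real):
        raise RuntimeError(f"not a directory: {path}")
    return real


def unsafe_member_name(name: str) -> bool:
    """True for absolute names or names containing a '..' component."""
    return os.path.isabs(name) or ".." in Path(name).parts


def safe_member_dest(root_real: str, member: tarfile.TarInfo) -> str:
    """Return the resolved destination for `member`, or raise if it escapes `root_real`."""
    if member.issym() or member.islnk():
        raise RuntimeError(f"archive member is a link, rejected: {member.name}")
    if not (member.isfile() or member.isdir()):
        raise RuntimeError(f"unsupported member type: {member.name}")
    if unsafe_member_name(member.name):
        raise RuntimeError(f"unsafe member name: {member.name}")
    # realpath follows any symlink planted inside the extraction tree; if the
    # resolved path is no longer under the root, the write is refused.
    dest_real = os.path.realpath(os.path.join(root_real, member.name))
    if dest_real != root_real and not dest_real.startswith(root_real + os.sep):
        raise RuntimeError(f"member resolves outside root: {member.name} -> {dest_real}")
    return dest_real


def extract_safely(archive_bytes: bytes, target_dir: str) -> list:
    """Extract a tar archive into `target_dir`; any violation aborts the whole run."""
    root_real = ensure_private_dir(target_dir)
    written = []
    with tarfile.open(fileobj=io.BytesIO(archive_bytes), mode="r:*") as tar:
        for member in tar:
            dest_real = safe_member_dest(root_real, member)
            if member.isdir():
                ensure_private_dir(dest_real)
                continue
            ensure_private_dir(os.path.dirname(dest_real))
            flags = os.O_WRONLY | os.O_CREAT | os.O_TRUNC | O_NOFOLLOW
            fd = os.open(dest_real, flags, 0o600)
            with os.fdopen(fd, "wb") as out, tar.extractfile(member) as src:
                out.write(src.read())
            written.append(dest_real)
    return written


def build_demo_archive() -> bytes:
    """Constructed sample archive: one directory entry and one small file."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        d = tarfile.TarInfo("dialogs")
        d.type = tarfile.DIRTYPE
        tar.addfile(d)
        data = b"hello\tworld\n"
        f = tarfile.TarInfo("dialogs/001.tsv")
        f.size = len(data)
        tar.addfile(f, io.BytesIO(data))
    return buf.getvalue()


def demo() -> dict:
    """Clean extraction succeeds; a pre-planted symlinked subdirectory is rejected."""
    archive = build_demo_archive()
    results = {}
    with tempfile.TemporaryDirectory() as work:
        written = extract_safely(archive, os.path.join(work, "ubuntu_data"))
        with open(written[0], "rb") as fh:
            results["clean_ok"] = len(written) == 1 and fh.read() == b"hello\tworld\n"

        # Precondition from the advisory: the subdirectory the extractor will use
        # already exists as a symbolic link pointing somewhere else (constructed).
        victim = os.path.join(work, "victim_home")
        os.makedirs(victim)
        planted = os.path.join(work, "ubuntu_data_planted")
        os.makedirs(planted)
        os.symlink(victim, os.path.join(planted, "dialogs"))
        try:
            extract_safely(archive, planted)
            results["planted_rejected"] = False
        except RuntimeError:
            results["planted_rejected"] = True
        results["victim_untouched"] = os.listdir(victim) == []
    return results


if __name__ == "__main__":
    print(demo())
```

Aborting on the first bad member, rather than skipping it, is deliberate: a partially extracted corpus next to a planted link is exactly the state the trainer should not continue from.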
Remediation Steps
- Open your project dependency file (e.g., requirements.txt, Pipfile, setup.py).
- Locate the chatterbot package declaration and update the version requirement to >=1.2.14.
- Run pip install --upgrade chatterbot to apply the update.
- Audit existing directories under ~/ubuntu_data to ensure no rogue symbolic links exist.
References
Read the full report for GHSA-WVRH-2F4M-924V on our website for more details including interactive diagrams and full exploit analysis.