Skip to main content
Press slash or control plus K to focus the search. Use the arrow keys to navigate results and press enter to open a threat.
Reconnecting to live updates…

CVE-2026-58198: CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition in gunthercox ChatterBot

0
Medium
VulnerabilityCVE-2026-58198cvecve-2026-58198cwe-367cwe-59
Published: 07/09/2026 (07/09/2026, 18:32:16 UTC)
Source: CVE Database V5
Vendor/Project: gunthercox
Product: ChatterBot

Description

CVE-2026-58198 is a time-of-check to time-of-use (TOCTOU) race condition vulnerability in gunthercox ChatterBot prior to version 1.2.14. The issue occurs in the UbuntuCorpusTrainer.extract() method, which uses a predictable home-rooted output directory with a check-then-create pattern followed by tar extraction. A local attacker who pre-creates a symbolic link at the predictable path can cause archive contents to be written through the symlink to an attacker-chosen directory. This vulnerability is fixed in version 1.2.14.

CVSS v3.1

Score 5.5medium

Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Affected software

chatterbot
pkg:pypi/chatterbot
Affected versions
<1.2.14

Run on your own infrastructure? Check whether these packages are installed with threat-finder — our free open-source scanner.

AI-Powered Analysis

Machine-generated threat intelligence

AILast updated: 07/09/2026, 20:17:35 UTC

Technical Analysis

ChatterBot versions before 1.2.14 contain a TOCTOU race condition in the UbuntuCorpusTrainer.extract() function. The function uses a predictable directory path (~/ubuntu_data/ubuntu_dialogs) and performs a check-then-create operation before extracting a tar archive to that path. Because the path is predictable and the check-then-create is not atomic, a local attacker can pre-plant a symbolic link at that location. When the tar archive is extracted, files are written through the symlink to an arbitrary directory controlled by the attacker. This can lead to unauthorized file writes. The vulnerability is addressed in ChatterBot version 1.2.14.

Potential Impact

A local attacker with the ability to create a symlink at the predictable extraction path can cause arbitrary files to be written to locations of their choosing on the filesystem. This can lead to unauthorized file modification or overwriting, potentially impacting confidentiality. The CVSS score is 5.5 (medium severity), reflecting local attack vector, low complexity, low privileges required, no user interaction, unchanged scope, high confidentiality impact, and no integrity or availability impact.

Mitigation Recommendations

Upgrade ChatterBot to version 1.2.14 or later, where this TOCTOU race condition vulnerability is fixed. There is no official patch or temporary fix other than upgrading. Until upgraded, avoid running the vulnerable extract function in environments where local attackers can create symlinks at the predictable extraction path.

Pro Console: star threats, build custom feeds, automate alerts via Slack, email & webhooks.Upgrade to Pro

Technical Details

Data Version
5.2
Assigner Short Name
GitHub_M
Date Reserved
2026-06-29T17:09:25.872Z
Cvss Version
3.1
State
PUBLISHED
Remediation Level
null

Threat ID: 6a4ffe7a68715ace43fdfbde

Added to database: 07/09/2026, 20:03:06 UTC

Last enriched: 07/09/2026, 20:17:35 UTC

Last updated: 07/09/2026, 20:59:27 UTC

Views: 6

Community Reviews

0 reviews

Crowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.

Sort by
Loading community insights…

Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.

Actions

PRO

Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.

Please log in to the Console to use AI analysis features.

Need more coverage?

Upgrade to Pro Console for AI refresh and higher limits.

For incident response and remediation, OffSeq services can help resolve threats faster.

Latest Threats

Breach by OffSeqOFFSEQFRIENDS — 25% OFF

Check if your credentials are on the dark web

Instant breach scanning across billions of leaked records. Free tier available.

Scan now
OffSeq TrainingCredly Certified

Lead Pen Test Professional

Technical5-day eLearningPECB Accredited
View courses