HIGHCVE-2026-1260Published 2026-01-22Modified 2026-01-22CNA Google

CVE-2026-1260: Invalid Memory Access in Sentencepiece,

Invalid memory access in Sentencepiece versions less than 0.2.1 when using a vulnerable model file, which is not created in the normal training procedure.

CVSS v4.0: 8.5
Severity: HIGH
Fixed in: —
Affected Products: 1

Affected packages

Google / Sentencepiece
All versions prior to 0.2.1

CVSS Vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

References

github.com

Metrics