Vulnerability Details CVE-2026-1260
Invalid memory access in Sentencepiece versions less than 0.2.1 when using a vulnerable model file, which is not created in the normal training procedure.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 0.1%
CVSS Severity
CVSS v3 Score 7.8
Products affected by CVE-2026-1260
-
cpe:2.3:a:google:sentencepiece:0.1.4
-
cpe:2.3:a:google:sentencepiece:0.1.5
-
cpe:2.3:a:google:sentencepiece:0.1.6
-
cpe:2.3:a:google:sentencepiece:0.1.7
-
cpe:2.3:a:google:sentencepiece:0.1.8
-
cpe:2.3:a:google:sentencepiece:0.1.81
-
cpe:2.3:a:google:sentencepiece:0.1.82
-
cpe:2.3:a:google:sentencepiece:0.1.83
-
cpe:2.3:a:google:sentencepiece:0.1.84
-
cpe:2.3:a:google:sentencepiece:0.1.85
-
cpe:2.3:a:google:sentencepiece:0.1.86
-
cpe:2.3:a:google:sentencepiece:0.1.9
-
cpe:2.3:a:google:sentencepiece:0.1.90
-
cpe:2.3:a:google:sentencepiece:0.1.91
-
cpe:2.3:a:google:sentencepiece:0.1.92
-
cpe:2.3:a:google:sentencepiece:0.1.93
-
cpe:2.3:a:google:sentencepiece:0.1.94
-
cpe:2.3:a:google:sentencepiece:0.1.95
-
cpe:2.3:a:google:sentencepiece:0.1.96
-
cpe:2.3:a:google:sentencepiece:0.1.97
-
cpe:2.3:a:google:sentencepiece:0.1.98
-
cpe:2.3:a:google:sentencepiece:0.1.99
-
cpe:2.3:a:google:sentencepiece:0.2.0