CVE-2026-1260

HIGH 7.8

Invalid Memory Access in Sentencepiece,

CVSS Score

7.8

EPSS Score

0.0%

EPSS Percentile

0th

Invalid memory access in Sentencepiece versions less than 0.2.1 when using a vulnerable model file, which is not created in the normal training procedure.

CWE	CWE-119
Vendor	google
Product	sentencepiece
Ecosystems	Android Cloud Chrome
Industries	Technology
Published	Jan 22, 2026
Last Updated	Jun 30, 2026

Stay Ahead of the Next One

Get instant alerts for google sentencepiece

Be the first to know when new high vulnerabilities affecting google sentencepiece are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

Google / Sentencepiece

All versions prior to 0.2.1

References

NVD ↗ CVE.org ↗ EPSS Data ↗

github.com: https://github.com/google/sentencepiece/releases/tag/v0.2.1 access.redhat.com: https://access.redhat.com/security/cve/CVE-2026-1260 bugzilla.redhat.com: https://bugzilla.redhat.com/show_bug.cgi?id=2432079 security.access.redhat.com: https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-1260.json access.redhat.com: https://access.redhat.com/errata/RHSA-2026:3782 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:3713