Sentencepiece <0.2.1: Invalid Mem Acc via Vulnerable Model File
CVE-2026-1260 Published on January 22, 2026

Invalid Memory Access in Sentencepiece,
Invalid memory access in Sentencepiece versions less than 0.2.1 when using a vulnerable model file, which is not created in the normal training procedure.

NVD

Weakness Type

What is a Buffer Overflow Vulnerability?

The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.

CVE-2026-1260 has been classified to as a Buffer Overflow vulnerability or weakness.

Affected Versions

Google Sentencepiece Version All versions prior to 0.2.1 is affected by CVE-2026-1260

Exploit Probability

EPSS

0.00%

Percentile

0.09%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

Sentencepiece <0.2.1: Invalid Mem Acc via Vulnerable Model FileCVE-2026-1260 Published on January 22, 2026

Weakness Type

What is a Buffer Overflow Vulnerability?

Affected Versions

Exploit Probability

Sentencepiece <0.2.1: Invalid Mem Acc via Vulnerable Model File
CVE-2026-1260 Published on January 22, 2026