Description
Invalid memory access in Sentencepiece versions less than 0.2.1 when using a vulnerable model file, which is not created in the normal training procedure.
Published: 2026-01-22
Score: 8.5 High
EPSS: < 1% Very Low
KEV: No
Impact: Memory Corruption – Potential Denial of Service
Action: Apply Patch
AI Analysis

Impact

The flaw exists in Sentencepiece releases earlier than 0.2.1 when a model file that is not produced through the normal training workflow is loaded. The improper bounds check during model file parsing triggers an invalid memory access, which can cause the application to crash or corrupt execution flow. An attacker who can supply such a malicious model file may be able to disrupt service availability and, depending on the environment, create an opportunity for more serious compromise.

Affected Systems

Google Sentencepiece software, all versions below 0.2.1. The vulnerability affects any deployment that loads third‑party model files, such as in machine‑learning pipelines that rely on Sentencepiece for tokenization.

Risk and Exploitability

The CVSS score of 8.5 classifies this as high severity. An EPSS score of less than 1% indicates that the likelihood of exploitation is currently very low, and the vulnerability is not listed in the CISA KEV catalog. Exploitation requires the attacker to supply a malformed model file; therefore, the attack vector is inferred to be local or remote where the application accepts external model files. Systems that validate model files or run Sentencepiece in a sandboxed environment will reduce exposure, although the lack of public exploits means that presently the risk is largely theoretical and limited to environments that use vulnerable versions.

Generated by OpenCVE AI on April 18, 2026 at 03:39 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Sentencepiece to version 0.2.1 or later
  • Validate all model files to ensure they are generated via the standard training process and originate from trusted sources
  • If an upgrade is not immediately feasible, isolate the application from untrusted inputs and monitor for crashes or abnormal memory consumption

Generated by OpenCVE AI on April 18, 2026 at 03:39 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Github GHSA Github GHSA GHSA-38vq-g6vr-w8wf Sentencepiece has a a heap overflow issue
History

Fri, 30 Jan 2026 18:45:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:google:sentencepiece:*:*:*:*:*:*:*:*
Metrics cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'}

 cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}

Fri, 23 Jan 2026 16:45:00 +0000

Type Values Removed Values Added
First Time appeared Google
Google sentencepiece
Vendors & Products Google
Google sentencepiece

Fri, 23 Jan 2026 00:15:00 +0000

Type Values Removed Values Added
References
Metrics threat_severity

None

 cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'}

threat_severity

Important

Thu, 22 Jan 2026 23:00:00 +0000

Type Values Removed Values Added
Description Invalid memory access in Sentencepiece versions less than 0.2.1 when using a vulnerable model file, which is not created in the normal training procedure.
Title Invalid Memory Access in Sentencepiece,
Weaknesses CWE-119
References
Metrics cvssV4_0

{'score': 8.5, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Subscriptions

Google Sentencepiece
cve-icon MITRE

Status: PUBLISHED

Assigner: Google

Published:

Updated: 2026-01-22T18:22:36.273Z

Reserved: 2026-01-20T20:25:05.556Z

Link: CVE-2026-1260

cve-icon Vulnrichment

Updated: 2026-01-22T18:22:28.437Z

cve-icon NVD

Status : Analyzed

Published: 2026-01-22T17:16:30.643

Modified: 2026-01-30T18:33:45.450

Link: CVE-2026-1260

cve-icon Redhat

Severity : Important

Publid Date: 2026-01-22T17:06:17Z

Links: CVE-2026-1260 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-04-18T03:45:21Z

Weaknesses