GHSA-38vq-g6vr-w8wf

Опубликовано: 22 янв. 2026

Источник: github

Github: Прошло ревью

CVSS4: 8.5

Описание

Sentencepiece has a a heap overflow issue

Invalid memory access in Sentencepiece versions less than 0.2.1 when using a vulnerable model file, which is not created in the normal training procedure.

Ссылки

https://nvd.nist.gov/vuln/detail/CVE-2026-1260
https://github.com/google/sentencepiece/commit/d856b67fdb3492e035489abf9b3aaf486144b2c0
https://github.com/google/sentencepiece/releases/tag/v0.2.1

Пакеты

Наименование

sentencepiece

pip

Затронутые версииВерсия исправления

< 0.2.1

0.2.1

EPSS

Процентиль: 0%

0.00003

Низкий

8.5 High

CVSS4

CVE ID

CVE-2026-1260

Дефекты

CWE-119

Связанные уязвимости

CVE-2026-1260

CVSS3: 7.8

nvd

16 дней назад

Invalid memory access in Sentencepiece versions less than 0.2.1 when using a vulnerable model file, which is not created in the normal training procedure.

EPSS

Процентиль: 0%

0.00003

Низкий

8.5 High

CVSS4

CVE ID

CVE-2026-1260

Дефекты

CWE-119