CVE-2026-1260

High

Published: 22 January 2026

Published

22 January 2026

Modified

30 January 2026

KEV Added

—

Patch

—

CVSS Score 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Score 0.0000 0.1th percentile

Risk Priority 16 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-1260 is a high-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in Google Sentencepiece. Its CVSS base score is 7.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Client Execution (T1203); ranked at the 0.1th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploitation for Client Execution (T1203). What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-2 Flaw Remediation good match

prevent

Directly mitigates the vulnerability by requiring timely flaw remediation, such as upgrading Sentencepiece to version 0.2.1 or later.

SI-10 Information Input Validation good match

prevent

Addresses exploitation via malicious model files by enforcing validation and sanitization of inputs from untrusted sources before processing.

SI-16 Memory Protection good match

prevent

Implements memory protection mechanisms that prevent unauthorized code execution and corruption from invalid memory accesses like buffer overflows.

MITRE ATT&CK Enterprise TechniquesAI

T1203 Exploitation for Client Execution Execution

Adversaries may exploit software vulnerabilities in client applications to execute code.

attack.mitre.org →

Why these techniques?

Direct local exploitation of memory corruption in Sentencepiece via malicious model file enables arbitrary code execution without user interaction.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

Invalid memory access in Sentencepiece versions less than 0.2.1 when using a vulnerable model file, which is not created in the normal training procedure.

Deeper analysisAI

CVE-2026-1260 is an invalid memory access vulnerability affecting Sentencepiece versions prior to 0.2.1. The issue arises when processing a vulnerable model file, which is not generated through the standard training procedure. Classified under CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer), it carries a CVSS v3.1 base score of 7.8, indicating high severity due to potential impacts on confidentiality, integrity, and availability.

A local attacker with low privileges can exploit this vulnerability by supplying a malicious model file to a Sentencepiece instance running with those privileges. The low attack complexity and lack of required user interaction enable reliable exploitation, potentially leading to arbitrary code execution, data corruption, or denial of service through memory corruption.

The official mitigation, as detailed in the Sentencepiece release notes at https://github.com/google/sentencepiece/releases/tag/v0.2.1, involves upgrading to version 0.2.1 or later, which addresses the invalid memory access flaw. Security practitioners should validate and sanitize model files from untrusted sources prior to processing.

Details

CWE(s): CWE-119

Affected Products

google

sentencepiece

≤ 0.2.1

CVEs Like This One

CVE-2026-0122Same vendor: Google

CVE-2025-0762Same vendor: Google

CVE-2026-6315Same vendor: Google

CVE-2025-1916Same vendor: Google

CVE-2026-2648Same vendor: Google

CVE-2026-4092Same vendor: Google

CVE-2026-6319Same vendor: Google

CVE-2025-1920Same vendor: Google

CVE-2025-12907Same vendor: Google

CVE-2025-0997Same vendor: Google

References

https://github.com/google/sentencepiece/releases/tag/v0.2.1
Product, Release Notes · cve-coordination@google.com