VDB
CNVD-2026-10651
CNVD-2026-10651
PUBLISHED
CVSS 8.5 HIGH
Google SentencePiece是美国谷歌(Google)公司的一款用于基于神经网络的文本生成的无监督文本分词器。 Google SentencePiece存在缓冲区溢出漏洞,该漏洞源于使用非正常训练过程创建的易受攻击模型文件时存在无效内存访问。目前没有详细的漏洞细节提供。
Risk Scores
CVSS 4.0
8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Sentencepiece | All versions prior to 0.2.1 |
Exploit Intelligence
- https://github.com/google/sentencepiece/releases/tag/v0.2.1 (circl)
- CIRCL seen: CVE-2026-1260 (circl-sighting)
- CIRCL seen: CVE-2026-1260 (circl-sighting)
- CIRCL seen: CVE-2026-1260 (circl-sighting)
- CIRCL seen: CVE-2026-1260 (circl-sighting)
- CIRCL seen: CVE-2026-1260 (circl-sighting)
Timeline
- Jan 22, 2026 CVE Published
- Jan 22, 2026 PoC Published
- Jan 23, 2026 PoC Published
- Jan 24, 2026 PoC Published
- Jan 24, 2026 PoC Published
- Jan 24, 2026 PoC Published