sentencepiece-0.1.99-cp37-cp37m-manylinux_2_17_x86_64.manylinux2014_x86_64.whl: 1 vulnerabilities (highest severity is: 7.8) #88
Description
Vulnerable Library - sentencepiece-0.1.99-cp37-cp37m-manylinux_2_17_x86_64.manylinux2014_x86_64.whl
SentencePiece python wrapper
Path to dependency file: /requirements.txt
Path to vulnerable library: /requirements.txt
Found in HEAD commit: 5703867cc506719d7029f4ab2cc3f15e2d4cae09
Vulnerabilities
| Vulnerability | Severity |  CVSS |
Dependency | Type | Fixed in (sentencepiece version) | Remediation Possible** |
|---|---|---|---|---|---|---|
| CVE-2026-1260 |  High |
7.8 | sentencepiece-0.1.99-cp37-cp37m-manylinux_2_17_x86_64.manylinux2014_x86_64.whl | Direct | sentencepiece - 0.2.1 | ❌ |
**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation
Details
CVE-2026-1260
Vulnerable Library - sentencepiece-0.1.99-cp37-cp37m-manylinux_2_17_x86_64.manylinux2014_x86_64.whl
SentencePiece python wrapper
Path to dependency file: /requirements.txt
Path to vulnerable library: /requirements.txt
Dependency Hierarchy:
- ❌ sentencepiece-0.1.99-cp37-cp37m-manylinux_2_17_x86_64.manylinux2014_x86_64.whl (Vulnerable Library)
Found in HEAD commit: 5703867cc506719d7029f4ab2cc3f15e2d4cae09
Found in base branch: main
Vulnerability Details
Invalid memory access in Sentencepiece versions less than 0.2.1 when using a vulnerable model file, which is not created in the normal training procedure.
Publish Date: 2026-01-22
URL: CVE-2026-1260
CVSS 3 Score Details (7.8)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High
Suggested Fix
Type: Upgrade version
Release Date: 2026-01-22
Fix Resolution: sentencepiece - 0.2.1
Step up your Open Source Security Game with Mend here