{
  "threat_severity" : "Important",
  "public_date" : "2026-01-22T17:06:17Z",
  "bugzilla" : {
    "description" : "sentencepiece: Sentencepiece: Invalid memory access leading to potential arbitrary code execution via a crafted model file.",
    "id" : "2432079",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2432079"
  },
  "cvss3" : {
    "cvss3_base_score" : "7.8",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
    "status" : "verified"
  },
  "cwe" : "CWE-119",
  "details" : [ "Invalid memory access in Sentencepiece versions less than 0.2.1 when using a vulnerable model file, which is not created in the normal training procedure.", "A flaw was found in Sentencepiece. This flaw involves invalid memory access when the software processes a specially crafted, vulnerable model file. A local attacker could exploit this by tricking a user into loading such a file. Successful exploitation could lead to a denial of service, information disclosure, or potentially arbitrary code execution." ],
  "statement" : "This IMPORTANT flaw in Sentencepiece allows invalid memory access when processing a specially crafted model file. A local attacker could exploit this by deceiving a user into loading a malicious file, potentially leading to denial of service, information disclosure, or arbitrary code execution. Red Hat products utilizing Sentencepiece, such as Red Hat AI Inference Server and Red Hat OpenShift AI, are affected if they process untrusted model files.",
  "affected_release" : [ {
    "product_name" : "Red Hat OpenShift AI 2.25",
    "release_date" : "2026-03-04T00:00:00Z",
    "advisory" : "RHSA-2026:3782",
    "cpe" : "cpe:/a:redhat:openshift_ai:2.25::el9",
    "package" : "rhoai/odh-openvino-model-server-rhel9:1772093351"
  }, {
    "product_name" : "Red Hat OpenShift AI 2.25",
    "release_date" : "2026-03-04T00:00:00Z",
    "advisory" : "RHSA-2026:3782",
    "cpe" : "cpe:/a:redhat:openshift_ai:2.25::el9",
    "package" : "rhoai/odh-training-cuda121-torch24-py311-rhel9:1772093252"
  }, {
    "product_name" : "Red Hat OpenShift AI 2.25",
    "release_date" : "2026-03-04T00:00:00Z",
    "advisory" : "RHSA-2026:3782",
    "cpe" : "cpe:/a:redhat:openshift_ai:2.25::el9",
    "package" : "rhoai/odh-training-cuda124-torch25-py311-rhel9:1772093260"
  }, {
    "product_name" : "Red Hat OpenShift AI 2.25",
    "release_date" : "2026-03-04T00:00:00Z",
    "advisory" : "RHSA-2026:3782",
    "cpe" : "cpe:/a:redhat:openshift_ai:2.25::el9",
    "package" : "rhoai/odh-training-rocm62-torch24-py311-rhel9:1772093338"
  }, {
    "product_name" : "Red Hat OpenShift AI 2.25",
    "release_date" : "2026-03-04T00:00:00Z",
    "advisory" : "RHSA-2026:3782",
    "cpe" : "cpe:/a:redhat:openshift_ai:2.25::el9",
    "package" : "rhoai/odh-training-rocm62-torch25-py311-rhel9:1772093324"
  }, {
    "product_name" : "Red Hat OpenShift AI 3.3",
    "release_date" : "2026-03-04T00:00:00Z",
    "advisory" : "RHSA-2026:3713",
    "cpe" : "cpe:/a:redhat:openshift_ai:3.3::el9",
    "package" : "rhoai/odh-openvino-model-server-rhel9:1771608633"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat AI Inference Server",
    "fix_state" : "Not affected",
    "package_name" : "rhaiis-preview/vllm-cuda-rhel9",
    "cpe" : "cpe:/a:redhat:ai_inference_server:3"
  }, {
    "product_name" : "Red Hat AI Inference Server",
    "fix_state" : "Affected",
    "package_name" : "rhaiis/vllm-cuda-rhel9",
    "cpe" : "cpe:/a:redhat:ai_inference_server:3"
  }, {
    "product_name" : "Red Hat AI Inference Server",
    "fix_state" : "Affected",
    "package_name" : "rhaiis/vllm-rocm-rhel9",
    "cpe" : "cpe:/a:redhat:ai_inference_server:3"
  }, {
    "product_name" : "Red Hat AI Inference Server",
    "fix_state" : "Not affected",
    "package_name" : "rhaiis/vllm-spyre-rhel9",
    "cpe" : "cpe:/a:redhat:ai_inference_server:3"
  }, {
    "product_name" : "Red Hat AI Inference Server",
    "fix_state" : "Not affected",
    "package_name" : "rhaiis/vllm-tpu-rhel9",
    "cpe" : "cpe:/a:redhat:ai_inference_server:3"
  }, {
    "product_name" : "Red Hat Enterprise Linux AI (RHEL AI) 3",
    "fix_state" : "Not affected",
    "package_name" : "rhelai3/bootc-aws-cuda-rhel9",
    "cpe" : "cpe:/a:redhat:enterprise_linux_ai:3"
  }, {
    "product_name" : "Red Hat Enterprise Linux AI (RHEL AI) 3",
    "fix_state" : "Not affected",
    "package_name" : "rhelai3/bootc-azure-cuda-rhel9",
    "cpe" : "cpe:/a:redhat:enterprise_linux_ai:3"
  }, {
    "product_name" : "Red Hat Enterprise Linux AI (RHEL AI) 3",
    "fix_state" : "Not affected",
    "package_name" : "rhelai3/bootc-cuda-rhel9",
    "cpe" : "cpe:/a:redhat:enterprise_linux_ai:3"
  }, {
    "product_name" : "Red Hat Enterprise Linux AI (RHEL AI) 3",
    "fix_state" : "Not affected",
    "package_name" : "rhelai3/bootc-gcp-cuda-rhel9",
    "cpe" : "cpe:/a:redhat:enterprise_linux_ai:3"
  }, {
    "product_name" : "Red Hat OpenShift AI (RHOAI)",
    "fix_state" : "Not affected",
    "package_name" : "rhoai/odh-kserve-agent-rhel9",
    "cpe" : "cpe:/a:redhat:openshift_ai"
  }, {
    "product_name" : "Red Hat OpenShift AI (RHOAI)",
    "fix_state" : "Not affected",
    "package_name" : "rhoai/odh-kserve-controller-rhel9",
    "cpe" : "cpe:/a:redhat:openshift_ai"
  }, {
    "product_name" : "Red Hat OpenShift AI (RHOAI)",
    "fix_state" : "Not affected",
    "package_name" : "rhoai/odh-kserve-router-rhel9",
    "cpe" : "cpe:/a:redhat:openshift_ai"
  }, {
    "product_name" : "Red Hat OpenShift AI (RHOAI)",
    "fix_state" : "Not affected",
    "package_name" : "rhoai/odh-kserve-storage-initializer-rhel9",
    "cpe" : "cpe:/a:redhat:openshift_ai"
  }, {
    "product_name" : "Red Hat OpenShift AI (RHOAI)",
    "fix_state" : "Not affected",
    "package_name" : "rhoai/odh-llama-stack-core-rhel9",
    "cpe" : "cpe:/a:redhat:openshift_ai"
  }, {
    "product_name" : "Red Hat OpenShift AI (RHOAI)",
    "fix_state" : "Not affected",
    "package_name" : "rhoai/odh-training-cuda128-torch28-py312-rhel9",
    "cpe" : "cpe:/a:redhat:openshift_ai"
  }, {
    "product_name" : "Red Hat OpenShift AI (RHOAI)",
    "fix_state" : "Not affected",
    "package_name" : "rhoai/odh-training-rocm64-torch28-py312-rhel9",
    "cpe" : "cpe:/a:redhat:openshift_ai"
  }, {
    "product_name" : "Red Hat OpenShift AI (RHOAI)",
    "fix_state" : "Not affected",
    "package_name" : "rhoai/odh-vllm-cpu-rhel9",
    "cpe" : "cpe:/a:redhat:openshift_ai"
  }, {
    "product_name" : "Red Hat OpenShift AI (RHOAI)",
    "fix_state" : "Not affected",
    "package_name" : "rhoai/odh-vllm-cuda-rhel9",
    "cpe" : "cpe:/a:redhat:openshift_ai"
  }, {
    "product_name" : "Red Hat OpenShift AI (RHOAI)",
    "fix_state" : "Not affected",
    "package_name" : "rhoai/odh-vllm-gaudi-rhel9",
    "cpe" : "cpe:/a:redhat:openshift_ai"
  }, {
    "product_name" : "Red Hat OpenShift AI (RHOAI)",
    "fix_state" : "Not affected",
    "package_name" : "rhoai/odh-vllm-rocm-rhel9",
    "cpe" : "cpe:/a:redhat:openshift_ai"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2026-1260\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-1260\nhttps://github.com/google/sentencepiece/releases/tag/v0.2.1" ],
  "name" : "CVE-2026-1260",
  "csaw" : false
}