PT-2026-41117 · Amazon · Sagemaker-Python-Sdk
Published
2026-05-14
·
Updated
2026-05-21
·
CVE-2026-8596
CVSS v4.0
8.5
High
| Vector | AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:H/SI:H/SA:H |
Name of the Vulnerable Software and Affected Versions
Amazon SageMaker Python SDK versions prior to 2.257.2
Amazon SageMaker Python SDK versions prior to 3.8.0
Description
The ModelBuilder/Serve component stores sensitive information in cleartext. A remote authenticated actor with permissions to call SageMaker describe APIs and S3 write access to the model artifact path could extract the HMAC (Hash-based Message Authentication Code, a mechanism for verifying both the data integrity and the authenticity of a message) signing key from SageMaker API responses. This could allow the actor to forge valid integrity signatures for specially crafted model artifacts, leading to code execution in inference containers.
Recommendations
Upgrade to version 2.257.2 and rebuild any models previously created with ModelBuilder.
Upgrade to version 3.8.0 and rebuild any models previously created with ModelBuilder.
Exploit
Fix
Cleartext Storage of Sensitive Information
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Sagemaker-Python-Sdk