PT-2026-41117 · Amazon · Sagemaker-Python-Sdk

Published

2026-05-14

·

Updated

2026-05-21

·

CVE-2026-8596

CVSS v4.0

8.5

High

VectorAV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:H/SI:H/SA:H
Name of the Vulnerable Software and Affected Versions Amazon SageMaker Python SDK versions prior to 2.257.2 Amazon SageMaker Python SDK versions prior to 3.8.0
Description The ModelBuilder/Serve component stores sensitive information in cleartext. A remote authenticated actor with permissions to call SageMaker describe APIs and S3 write access to the model artifact path could extract the HMAC (Hash-based Message Authentication Code, a mechanism for verifying both the data integrity and the authenticity of a message) signing key from SageMaker API responses. This could allow the actor to forge valid integrity signatures for specially crafted model artifacts, leading to code execution in inference containers.
Recommendations Upgrade to version 2.257.2 and rebuild any models previously created with ModelBuilder. Upgrade to version 3.8.0 and rebuild any models previously created with ModelBuilder.

Exploit

Fix

Cleartext Storage of Sensitive Information

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-8596
GHSA-7HH5-PRP2-MFH5

Affected Products

Sagemaker-Python-Sdk