PT-2026-41118 · Amazon · Sagemaker-Python-Sdk
Jam-Jee
·
Published
2026-05-14
·
Updated
2026-05-25
·
CVE-2026-8597
CVSS v3.1
7.2
High
| Vector | AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Amazon SageMaker Python SDK versions prior to 2.257.2
Amazon SageMaker Python SDK versions prior to 3.8.0
Description
Missing integrity verification in the Triton inference handler allows a remote authenticated actor with S3 write access to the model artifact path to achieve code execution in inference containers. This is possible by replacing model artifacts in S3 with a specially crafted pickle payload that is deserialized without verification. Pickle is a Python module used for serializing and deserializing objects.
Recommendations
Upgrade to version 2.257.2 and rebuild any Triton models previously created with ModelBuilder using the updated SDK.
Upgrade to version 3.8.0 and rebuild any Triton models previously created with ModelBuilder using the updated SDK.
Exploit
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Sagemaker-Python-Sdk