PT-2026-41118 · Amazon · Sagemaker-Python-Sdk

Jam-Jee

·

Published

2026-05-14

·

Updated

2026-05-25

·

CVE-2026-8597

CVSS v3.1

7.2

High

VectorAV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions Amazon SageMaker Python SDK versions prior to 2.257.2 Amazon SageMaker Python SDK versions prior to 3.8.0
Description Missing integrity verification in the Triton inference handler allows a remote authenticated actor with S3 write access to the model artifact path to achieve code execution in inference containers. This is possible by replacing model artifacts in S3 with a specially crafted pickle payload that is deserialized without verification. Pickle is a Python module used for serializing and deserializing objects.
Recommendations Upgrade to version 2.257.2 and rebuild any Triton models previously created with ModelBuilder using the updated SDK. Upgrade to version 3.8.0 and rebuild any Triton models previously created with ModelBuilder using the updated SDK.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-8597
GHSA-RQ6V-X3J8-7QGF

Affected Products

Sagemaker-Python-Sdk