TLS Certificate Verification Bypass in Amazon SageMaker Python SDK
CVE-2026-1778

8.2HIGH

Key Information:

Vendor

Aws

Status
Sagemaker Python Sdk
Vendor
CVE Published:
2 February 2026

What is CVE-2026-1778?

The Amazon SageMaker Python SDK versions before v3.1.1 and v2.256.0 exhibit a vulnerable configuration that disables TLS certificate verification for HTTPS connections when importing Triton Python models. This flaw enables the service to accept requests that utilize invalid or self-signed certificates, potentially exposing users to man-in-the-middle attacks and compromising data security. It is crucial for users to upgrade to the latest versions to mitigate this risk.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

SageMaker Python SDK 3.1.1

SageMaker Python SDK 2.256.0

References

https://aws.amazon.com/security/security-bulletins/2026-0...
vendor-advisory
https://github.com/aws/sagemaker-python-sdk/security/advi...
third-party-advisory
https://github.com/aws/sagemaker-python-sdk/releases/tag/...
patch

CVSS V4

Score:
8.2
Severity:
HIGH
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
Physical
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.