Sensitive Information Exposure in Amazon SageMaker Python SDK
CVE-2026-8596

8.5 HIGH

What is CVE-2026-8596?

Versions of the Amazon SageMaker Python SDK before the fixed releases store sensitive data in cleartext in the ModelBuilder and Serve components. A remote, authenticated user who is permitted to call the SageMaker describe APIs and to write to specific S3 paths used for model artifacts can recover the HMAC signing key from API responses. With that key, the user can forge valid integrity signatures for tampered model artifacts, which leads to unauthorized code execution in the inference containers. Users should upgrade to version 2.257.2 or later (v2) or version 3.8.0 or later (v3) and recreate any impacted models.

Affected Version(s)

AWS SageMaker Python SDK (v2): 2.199.0 <= version <= 2.257.1

AWS SageMaker Python SDK (v3): 3.0.0 <= version <= 3.7.1
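A defender-side check for the two affected ranges listed above, added here as an example and not part of this advisory or the SageMaker project. It assumes the SDK is installed under its PyPI distribution name `sagemaker`; the range table is copied from the advisory, and pre-release suffixes are treated as equal to their base version.

```python
"""Check whether an installed Amazon SageMaker Python SDK version falls in
the ranges listed in the CVE-2026-8596 advisory."""
import re
from typing import Optional, Tuple

# (lowest affected, highest affected, first fixed) per release line, from the advisory.
AFFECTED_RANGES = [
    ("2.199.0", "2.257.1", "2.257.2"),  # v2 line
    ("3.0.0", "3.7.1", "3.8.0"),        # v3 line
]


def parse_version(text: str) -> Tuple[int, ...]:
    """Turn '2.257.1' (or 'v2.257.1', '3.8.0rc1') into a comparable int tuple.
    Pre-release suffixes are dropped, so '3.8.0rc1' compares equal to '3.8.0';
    short forms such as '3.8' are padded to three components."""
    match = re.match(r"^\s*v?(\d+(?:\.\d+)*)", text)
    if not match:
        raise ValueError(f"unrecognised version string: {text!r}")
    parts = tuple(int(p) for p in match.group(1).split("."))
    while len(parts) < 3:
        parts += (0,)
    return parts


def fixed_version_for(installed: str) -> Optional[str]:
    """Return the first fixed release if `installed` is inside an affected
    range, otherwise None (not affected, or already fixed)."""
    v = parse_version(installed)
    for low, high, fixed in AFFECTED_RANGES:
        if parse_version(low) <= v <= parse_version(high):
            return fixed
    return None


def installed_sagemaker_version() -> Optional[str]:
    """Read the installed 'sagemaker' distribution version, or None if absent."""
    from importlib.metadata import PackageNotFoundError, version
    try:
        return version("sagemaker")  # assumption: PyPI name of the SDK
    except PackageNotFoundError:
        return None


if __name__ == "__main__":
    current = installed_sagemaker_version()
    if current is None:
        print("sagemaker is not installed in this environment")
    else:
        fix = fixed_version_for(current)
        verdict = f"AFFECTED, upgrade to {fix} or later and recreate impacted models" if fix else "not in an affected range"
        print(f"sagemaker {current}: {verdict}")
```

Run it inside each environment that builds or serves models; an "AFFECTED" result also means the models built there should be recreated after the upgrade, as the advisory states.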

References

CVSS v4

Score: 8.5
Severity: HIGH
Confidentiality: High
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Attack Requirements: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability reserved
