Skip to main content

Security Findings in SageMaker Python SDK

Bulletin ID: 2026-004-AWS
Scope: AWS
Content Type: Important (requires attention)
Publication Date: 2026/02/02 12:15 PM PST
 

We identified following CVEs:

Description:

  • CVE-2026-1777 - Exposed HMAC in SageMaker Python SDK
    SageMaker Python SDK’s remote functions feature uses a per‑job HMAC key to protect the integrity of serialized functions, arguments, and results stored in S3. We identified an issue where the HMAC secret key is stored in environment variables and disclosed via the DescribeTrainingJob API. This allows third parties with DescribeTrainingJob permissions to extract the key, forge cloud-pickled payloads with valid HMACs, and overwrite S3 objects.

  • CVE-2026-1778 - Insecure TLS Configuration in SageMaker Python SDK
    SageMaker Python SDK is an open source library for training and deploying machine learning models on Amazon SageMaker. We identified an issue where SSL certificate verification was globally disabled in the Triton Python backend. This configuration was introduced to work around SSL errors during model downloads from public sources (e.g., TorchVision) and it affected all HTTPS connections when the Triton Python model was imported.

Impacted versions:

  • HMAC Configuration in SageMaker Python SDK v3 < v3.2.0
  • HMAC Configuration in SageMaker Python SDK v2 < v2.256.0
  • Insecure TLS Configuration in SageMaker Python SDK v3 < v3.1.1
  • Insecure TLS Configuration in SageMaker Python SDK v2 < v2.256.0

Resolution:

HMAC Configuration issue has been addressed in SageMaker Python SDK version v3.2.0 and v2.256.0. Insecure TLS Configuration issue has been addressed in SageMaker Python SDK version v3.1.1 and v2.256.0. We recommend upgrading to the latest version immediately and ensuring any forked or derivative code is patched to incorporate the new fixes.

Workarounds:

Customers using self-signed certificates for internal model downloads should add their private Certificate Authority (CA) certificate to the container image rather than relying on the SDK’s previous insecure configuration. This opt-in approach maintains security while accommodating internal trusted domains.

References:

Please email aws-security@amazon.com with any security questions or concerns.