CVE-2026-9291 - Insecure Deserialization in Amazon Braket SDK Job Results Processing
Bulletin ID: 2026-036-AWS
Scope: AWS
Content Type: Important (requires attention)
Publication Date: 05/22/2026 11:15 AM PDT
Description:
Amazon Braket SDK is an open-source Python library for interacting with the Amazon Braket quantum computing service, including managing hybrid quantum jobs and retrieving job results. We identified CVE-2026-9291, an insecure deserialization issue (CWE-502) in the job results processing component. The SDK's deserialize_values() function trusts the dataFormat field from an untrusted JSON file to control whether pickle.loads() is called on the data payload. A remote authenticated user with S3 write access to the job output bucket can modify the dataFormat field in results.json from PLAINTEXT to pickled_v4 and replace data values with executable payloads, achieving arbitrary code execution on any machine that processes job results.
Impacted versions: >= 1.10.0 AND < 1.117.0
Resolution:
This issue has been addressed in amazon-braket-sdk version 1.117.0. We recommend upgrading to the latest version and ensuring any forked or derivative code is patched to incorporate the new fixes.
Workarounds:
If you cannot upgrade immediately, restrict S3 bucket policies on your Braket job output buckets to enforce least-privilege access, ensuring only trusted principals have write permissions. Additionally, you can validate the dataFormat field in job result metadata before calling job.result() and refuse to process results with an unexpected format.
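The second workaround, as an added example that is not part of this bulletin or of the Braket SDK: a loader that checks the dataFormat field of results.json against an allow-list before any data is touched and never reaches a pickle path. The file layout (a top-level object with "dataFormat" and a "dataDictionary" object) and the sample documents are assumptions made for the example.

```python
import json

# Formats this loader will decode. "pickled_v4" is deliberately absent:
# decoding it would mean pickle.loads() on bytes an S3 writer controls.
ALLOWED_FORMATS = frozenset({"plaintext"})


class UnsafeResultFormat(ValueError):
    """Raised when results.json asks for a deserialization path we refuse."""


def safe_load_job_results(raw: bytes) -> dict:
    """Parse a results.json document and return its data dictionary.

    Assumed layout (not taken from the bulletin): a JSON object with a
    string "dataFormat" field and a "dataDictionary" object. The format
    field is only ever compared against ALLOWED_FORMATS; it never selects
    a deserializer, so a tampered value can only cause a refusal.
    """
    try:
        doc = json.loads(raw)
    except (UnicodeDecodeError, json.JSONDecodeError) as exc:
        raise UnsafeResultFormat(f"results.json is not valid JSON: {exc}") from None
    if not isinstance(doc, dict):
        raise UnsafeResultFormat("results.json top level must be a JSON object")
    fmt = doc.get("dataFormat")
    # Case-insensitive: the bulletin writes PLAINTEXT, the file may not.
    if not isinstance(fmt, str) or fmt.lower() not in ALLOWED_FORMATS:
        raise UnsafeResultFormat(f"refusing results with dataFormat={fmt!r}")
    data = doc.get("dataDictionary")
    if not isinstance(data, dict):
        raise UnsafeResultFormat("dataDictionary missing or not a JSON object")
    return data


def results_are_safe(raw: bytes) -> bool:
    """True if the document would be accepted; use this before job.result()."""
    try:
        safe_load_job_results(raw)
    except UnsafeResultFormat:
        return False
    return True


# Constructed samples: a benign plaintext result, and one altered the way the
# bulletin describes (format switched to pickled_v4, value replaced by a blob).
BENIGN = b'{"dataFormat": "PLAINTEXT", "dataDictionary": {"energy": -1.137}}'
TAMPERED = b'{"dataFormat": "pickled_v4", "dataDictionary": {"energy": "PLACEHOLDER_BLOB"}}'

if __name__ == "__main__":
    print(safe_load_job_results(BENIGN))
    print("tampered accepted:", results_are_safe(TAMPERED))
```

Run the check against the raw results.json fetched from the output bucket; a refusal is worth logging, since a pickled_v4 value in a bucket that should only hold plaintext results is itself a signal of tampering.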
References:
Please email aws-security@amazon.com with any security questions or concerns.