{"data":{"id":"49e8267f-5509-4434-863d-c141ff0a0fbb","title":"CVE-2026-8597: Missing integrity verification in the Triton inference handler in Amazon SageMaker Python SDK v2 before v2.257.2 and v3 before v3.8.0","summary":"A vulnerability in Amazon SageMaker Python SDK (a tool for building machine learning models on AWS) allows an attacker who already has write access to the S3 location (Amazon's cloud storage service) where the model files are stored to execute malicious code in the Triton inference handler by replacing those model files with a specially crafted pickle file (a Python serialization format that can run code when it is loaded) whose integrity is not verified before it is used. This affects v2 before v2.257.2 and v3 before v3.8.0, and requires that the attacker already have permission to write to the storage location.","solution":"Upgrade to Amazon SageMaker Python SDK v2.257.2 or v3.8.0, and, using the updated SDK, rebuild any Triton models previously created with ModelBuilder.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2026-8597","publishedAt":"2026-05-14T20:17:21.340Z","cveId":"CVE-2026-8597","cweIds":["CWE-354"],"cvssScore":"7.2","cvssSeverity":"high","severity":"high","attackType":["model_poisoning"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":["Amazon"],"affectedVendorsRaw":["Amazon SageMaker"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","attackVector":"network","attackComplexity":"low","privilegesRequired":"high","userInteraction":"none","exploitMaturity":"unknown","epssScore":0,"patchAvailable":null,"disclosureDate":"2026-05-14T20:17:21.340Z","capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["integrity","confidentiality"],"aiComponentTargeted":"inference","llmSpecific":false,"classifierConfidence":0.95,"researchCategory":null,"atlasIds":null}}