{"data":{"id":"546df6f3-744c-4f4f-a711-9824888ffa29","title":"GHSA-7hh5-prp2-mfh5: Cleartext storage of HMAC signing key in Amazon SageMaker Python SDK ModelBuilder/Serve path","summary":"Amazon SageMaker Python SDK has a vulnerability where it stores an HMAC signing key (a cryptographic secret used to verify that model files haven't been tampered with) in plaintext as an environment variable that can be read by anyone with access to certain AWS APIs. An attacker with the right permissions could steal this key, use it to forge valid model files, and run malicious code on the system running the model.","solution":"Upgrade to Amazon SageMaker Python SDK v2.257.2 or v3.8.0. According to the source: 'AWS recommend upgrading to the latest version and rebuilding any models previously created with ModelBuilder using the updated SDK.' As a temporary workaround if upgrading is not immediately possible: 'users can manually remove the SAGEMAKER_SERVE_SECRET_KEY environment variable from existing SageMaker models by recreating the model without this variable in the container environment configuration.'","labels":["security"],"sourceUrl":"https://github.com/advisories/GHSA-7hh5-prp2-mfh5","publishedAt":"2026-05-21T17:42:40.000Z","cveId":"CVE-2026-8596","cweIds":null,"cvssScore":null,"cvssSeverity":"high","severity":"high","attackType":["data_extraction"],"issueType":"vulnerability","affectedPackages":["sagemaker@>= 3.0.0, <= 3.7.1 (fixed: 3.8.0)","sagemaker@>= 2.199.0, <= 2.257.1 (fixed: 2.257.2)"],"affectedVendors":["Amazon"],"affectedVendorsRaw":["Amazon SageMaker","TorchServe","Multi-Model Server","TensorFlow Serving","Triton"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.001,"patchAvailable":true,"disclosureDate":"2026-05-21T17:42:40.000Z","capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["confidentiality","integrity"],"aiComponentTargeted":"inference","llmSpecific":false,"classifierConfidence":0.95,"researchCategory":null,"atlasIds":null}}