{"data":{"id":"5668ace9-3eb5-474d-863e-ae2d3e445cde","title":"Security Findings in SageMaker Python SDK","summary":"AWS discovered two security vulnerabilities in the SageMaker Python SDK (a library for machine learning on Amazon's platform). The first flaw exposes HMAC keys (cryptographic secrets that verify data hasn't been tampered with) through an API, allowing attackers to forge fake data in cloud storage. The second flaw disables SSL certificate verification (the security check that confirms you're connected to a legitimate server), affecting all encrypted connections when a certain model component is used.","solution":"Update SageMaker Python SDK to v3.2.0 or later for the HMAC vulnerability, or v2.256.0 or later if using v2. Update to v3.1.1 or later for the TLS vulnerability, or v2.256.0 or later if using v2.","labels":["security"],"sourceUrl":"https://aws.amazon.com/security/security-bulletins/rss/2026-004-aws/","publishedAt":"2026-06-05T19:19:25.000Z","cveId":null,"cweIds":null,"cvssScore":null,"cvssSeverity":null,"severity":"high","attackType":["supply_chain"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":["Amazon"],"affectedVendorsRaw":["AWS SageMaker","Amazon SageMaker Python SDK"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":null,"epssScore":null,"patchAvailable":null,"disclosureDate":"2026-06-05T19:19:25.000Z","capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["confidentiality","integrity"],"aiComponentTargeted":"framework","llmSpecific":false,"classifierConfidence":0.95,"researchCategory":null,"atlasIds":null}}