{"data":{"id":"81a12dfb-b873-475c-87b3-a78de1b2de02","title":"CVE-2026-1778: Amazon SageMaker Python SDK before v3.1.1 or v2.256.0 disables TLS certificate verification for HTTPS connections made b","summary":"Amazon SageMaker Python SDK (a library for building machine learning models on AWS) versions before v3.1.1 or v2.256.0 have a vulnerability where TLS certificate verification (the security check that confirms a website is genuine) is disabled for HTTPS connections when importing a Triton Python model, allowing attackers to use fake or self-signed certificates to intercept or manipulate data. This vulnerability has a CVSS score (a 0-10 rating of severity) of 8.2, indicating high severity.","solution":"Update Amazon SageMaker Python SDK to version v3.1.1 or v2.256.0 or later.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2026-1778","publishedAt":"2026-02-03T04:16:04.283Z","cveId":"CVE-2026-1778","cweIds":["CWE-295"],"cvssScore":"5.9","cvssSeverity":"medium","severity":"medium","attackType":["other"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":["Amazon"],"affectedVendorsRaw":["Amazon SageMaker","Triton"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.00009,"patchAvailable":null,"disclosureDate":null,"capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["integrity","confidentiality"],"aiComponentTargeted":"inference","llmSpecific":false,"classifierConfidence":0.95,"researchCategory":null,"atlasIds":null}}