{"data":{"id":"85c1d8e4-9e08-4764-a693-452841e97abb","title":"Issue with Amazon SageMaker Python SDK - Model artifact integrity verification issues (CVE-2026-8596 & CVE-2026-8597)","summary":"The Amazon SageMaker Python SDK has two critical vulnerabilities in its model deployment tooling. CVE-2026-8596 exposes an encryption key in plaintext through SDK APIs; an attacker who obtains the key can forge model-artifact signatures and execute arbitrary code. CVE-2026-8597 skips the integrity check when loading model files, so an attacker who replaces a stored artifact with malicious content gets it executed without any verification. Exploiting either issue requires the attacker to already hold specific AWS permissions and to have access to the model storage location.","solution":"N/A -- no mitigation discussed in source.","labels":["security"],"sourceUrl":"https://aws.amazon.com/security/security-bulletins/rss/2026-031-aws/","publishedAt":"2026-05-14T20:07:25.000Z","cveId":null,"cweIds":null,"cvssScore":null,"cvssSeverity":null,"severity":"critical","attackType":["model_theft","supply_chain"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":["Amazon"],"affectedVendorsRaw":["Amazon SageMaker","Amazon SageMaker Python SDK"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":null,"epssScore":null,"patchAvailable":null,"disclosureDate":"2026-05-14T20:07:25.000Z","capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["confidentiality","integrity","availability"],"aiComponentTargeted":"inference","llmSpecific":false,"classifierConfidence":0.95,"researchCategory":null,"atlasIds":null}}