AI Sec Watch: A Security Intelligence Platform for AI Systems

Luu, T.J.

CVE-2026-8597: Missing integrity verification in the Triton inference handler in Amazon SageMaker Python SDK v2 before v2.257.2 and v3

highvulnerability

security

Source: NVD/CVE DatabaseMay 14, 2026CVE-2026-8597

Summary

A vulnerability in Amazon SageMaker Python SDK (a tool for building machine learning models on AWS) allows an attacker with write access to S3 (Amazon's cloud storage service) to execute malicious code by replacing model files with a specially crafted pickle file (a Python format for storing objects) that isn't checked for authenticity before being used. This only affects versions before v2.257.2 and v3.8.0, and requires the attacker to already have permission to write to the storage location.

Solution / Mitigation

Upgrade to Amazon SageMaker Python SDK v2.257.2 or v3.8.0, and rebuild any Triton models previously created with ModelBuilder using the updated SDK.

Vulnerability Details

CVSS Score

7.2(high)

EPSS (30-day exploit probability)

EPSS: 0.0%

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Attack Vector

network

Attack Complexity

low

Privileges Required

high

User Interaction

none

Disclosure Date

May 14, 2026

Classification

Attack Type

Model Poisoning

Attack SophisticationModerate

Impact (CIA+S)

integrityconfidentiality

Taxonomy References

CWE (Weakness Type)

CWE-354

Affected Vendors

Amazon

Related Issues

info

Secure AI agent access patterns to AWS resources using Model Context Protocol

Same vendorAWS Security Blog

info

The AWS AI Security Framework: Securing AI with the right controls, at the right layers, at the right phases

Same vendorAWS Security Blog

Monthly digest — independent AI security research

Original source: https://nvd.nist.gov/vuln/detail/CVE-2026-8597

First tracked: May 14, 2026 at 08:12 PM

Classified by LLM (prompt v3) · confidence: 95%