GHSA-7hh5-prp2-mfh5: Cleartext storage of HMAC signing key in Amazon SageMaker Python SDK ModelBuilder/Serve path
Summary
Amazon SageMaker Python SDK has a vulnerability where it stores an HMAC signing key (a cryptographic secret used to verify that model files haven't been tampered with) in plaintext as an environment variable that can be read by anyone with access to certain AWS APIs. An attacker with the right permissions could steal this key, use it to forge valid model files, and run malicious code on the system running the model.
Solution / Mitigation
Upgrade to Amazon SageMaker Python SDK v2.257.2 or v3.8.0. According to the source: 'AWS recommend upgrading to the latest version and rebuilding any models previously created with ModelBuilder using the updated SDK.' As a temporary workaround if upgrading is not immediately possible: 'users can manually remove the SAGEMAKER_SERVE_SECRET_KEY environment variable from existing SageMaker models by recreating the model without this variable in the container environment configuration.'
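The workaround above can be checked and prepared offline. The following is an added example, not code from the advisory or the SDK: it flags models whose container environment contains SAGEMAKER_SERVE_SECRET_KEY and builds a replacement model definition without it. It assumes input shaped like the SageMaker DescribeModel response; the function names, model names, and sample data are constructed for illustration.

```python
import copy

SECRET_VAR = "SAGEMAKER_SERVE_SECRET_KEY"  # variable named in the advisory
# Assumption: these DescribeModel fields can be passed back to CreateModel as-is.
CARRY_OVER = ("ExecutionRoleArn", "VpcConfig", "EnableNetworkIsolation",
              "InferenceExecutionConfig")

def containers_of(model):
    """Return every container definition in a DescribeModel-shaped dict."""
    found = []
    if "PrimaryContainer" in model:
        found.append(model["PrimaryContainer"])
    found.extend(model.get("Containers", []))
    return found

def is_exposed(model):
    """True if any container carries the signing key in its environment."""
    return any(SECRET_VAR in c.get("Environment", {}) for c in containers_of(model))

def rebuild_request(model, new_name):
    """Build CreateModel arguments equal to the model minus the secret variable."""
    request = {"ModelName": new_name}
    for field in CARRY_OVER:
        if field in model:
            request[field] = copy.deepcopy(model[field])
    if "PrimaryContainer" in model:
        request["PrimaryContainer"] = copy.deepcopy(model["PrimaryContainer"])
    if model.get("Containers"):
        request["Containers"] = copy.deepcopy(model["Containers"])
    for container in containers_of(request):
        container.get("Environment", {}).pop(SECRET_VAR, None)
    return request

def audit(models):
    """Return names of exposed models; the key value is never returned or printed."""
    return sorted(m["ModelName"] for m in models if is_exposed(m))

# Constructed sample input (not real account data).
SAMPLE_MODELS = [
    {"ModelName": "builder-model", "ExecutionRoleArn": "arn:aws:iam::111122223333:role/example",
     "PrimaryContainer": {"Image": "example-image", "Environment": {
         SECRET_VAR: "constructed-placeholder", "EXAMPLE_SETTING": "value"}}},
    {"ModelName": "clean-model", "ExecutionRoleArn": "arn:aws:iam::111122223333:role/example",
     "PrimaryContainer": {"Image": "example-image", "Environment": {}}},
]

if __name__ == "__main__":
    for name in audit(SAMPLE_MODELS):
        print("exposed:", name)
```

Against a live account, the input dicts would come from the SageMaker list_models and describe_model API calls, and any key found this way should be treated as disclosed.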
Vulnerability Details
EPSS: 0.1%
May 21, 2026
Original source: https://github.com/advisories/GHSA-7hh5-prp2-mfh5
First tracked: May 21, 2026 at 02:00 PM