Security Findings in SageMaker Python SDK
Summary
AWS discovered two security vulnerabilities in the SageMaker Python SDK (a library for machine learning on Amazon's platform). The first flaw exposes HMAC keys (cryptographic secrets that verify data hasn't been tampered with) through an API, allowing attackers to forge fake data in cloud storage. The second flaw disables SSL certificate verification (the security check that confirms you're connected to a legitimate server), affecting all encrypted connections when a certain model component is used.
Solution / Mitigation
Update SageMaker Python SDK to v3.2.0 or later for the HMAC vulnerability, or v2.256.0 or later if using v2. Update to v3.1.1 or later for the TLS vulnerability, or v2.256.0 or later if using v2.
Classification
Affected Vendors
Related Issues
Original source: https://aws.amazon.com/security/security-bulletins/rss/2026-004-aws/
First tracked: June 5, 2026 at 08:00 PM
Classified by LLM (prompt v3) · confidence: 95%