HIGHCVE-2026-1778Published Modified CNA AMZN
CVE-2026-1778: TLS disabled by default in select aws/sagemaker-python-sdk configurations
Amazon SageMaker Python SDK before v3.1.1 or v2.256.0 disables TLS certificate verification for HTTPS connections made by the service when a Triton Python model is imported, incorrectly allowing for requests with invalid and self-signed certificates to succeed.
Metrics
- CVSS v4.0
- 8.2
- Severity
- HIGH
- Fixed in
- 2.256.0
- Affected Products
- 1
Affected packages
- AWS / SageMaker Python SDKFixed in 3.1.1, 2.256.0
CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N