This vulnerability arises when the SageMaker Python SDK disables TLS certificate verification for HTTPS connections made by the service during a Triton Python model import. As a result, requests with invalid or self‑signed certificates are accepted, allowing an attacker to perform man‑in‑the‑middle attacks or tamper with the data exchanged with the model server. The weakness is categorized as CWE‑295, which represents integrity and confidentiality compromise due to improper validation of certificate trust anchors.

Amazon SageMaker Python SDK is affected, specifically any release prior to version 3.1.1 or prior to 2.256.0. These older SDKs fail to enforce TLS certificate verification when importing Triton Python models, creating the conditions for abuse. No other AWS or SageMaker components are mentioned as affected by the CNAs.

The CVSS v3.1 base score is 8.2, indicating high severity, but the EPSS score is below 1%, suggesting low current exploitation likelihood. The vulnerability is not listed in the CISA Known Exploited Vulnerabilities catalog. An attacker would need to supply a model import request over HTTPS that uses a self‑signed or otherwise untrusted certificate; the SDK would accept it, and the attacker could then intercept, alter, or inject data in the model's input and output streams.