Description
Cleartext storage of sensitive information in the ModelBuilder/Serve component in Amazon SageMaker Python SDK before v2.257.2 and v3 before v3.8.0 might allow a remote authenticated actor to extract the HMAC signing key from SageMaker API responses and forge valid integrity signatures for specially crafted model artifacts, achieving code execution in inference containers. This issue requires a remote authenticated actor with permissions to call SageMaker describe APIs and S3 write access to the model artifact path.

To remediate this issue, we recommend upgrading to Amazon SageMaker Python SDK v2.257.2 or v3.8.0 and rebuilding any models previously created with ModelBuilder using the updated SDK.
Published: 2026-05-14
Score: 8.5 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Cleartext storage of the HMAC signing key in the ModelBuilder/Serve component allows a remote authenticated actor to pull the key from SageMaker API responses. The actor can then forge valid integrity signatures for specially crafted model artifacts, achieving code execution within inference containers. The weakness is classified as CWE-312 (Cleartext Storage of Sensitive Information): the secret that protects artifact integrity is itself exposed to anyone who can read the API response.

Affected Systems

Amazon SageMaker Python SDK versions before v2.257.2 in the v2 series and before v3.8.0 in the v3 series are affected. The vulnerability applies to any user of the SDK who relies on ModelBuilder and has the ability to describe SageMaker resources and write to the S3 model artifact location.

Risk and Exploitability

The CVSS score of 8.5 indicates high severity, though no public exploit is currently documented and the EPSS score is not available. The vulnerability requires an authenticated user with sufficient SageMaker describe API permissions and S3 write access to the model artifact path. An attacker could extract the cleartext key, create a maliciously signed model artifact, upload it to the target S3 bucket, and trigger code execution when the artifact is loaded into a SageMaker inference container.

Generated by OpenCVE AI on May 14, 2026 at 22:44 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the Amazon SageMaker Python SDK to v2.257.2 or later (v2 series) or v3.8.0 or later (v3 series).
  • Rebuild any existing models created with ModelBuilder using the updated SDK to regenerate signing keys.
  • Restrict S3 write permissions for the model artifact path to only trusted users or IAM roles to prevent unauthorized tampering.

Advisories

No advisories yet.

History

Fri, 15 May 2026 15:15:00 +0000

Type: Metrics
  Values Removed: (none)
  Values Added: ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Thu, 14 May 2026 20:15:00 +0000

Type: Description
  Values Removed: (none)
  Values Added: Cleartext storage of sensitive information in the ModelBuilder/Serve component in Amazon SageMaker Python SDK before v2.257.2 and v3 before v3.8.0 might allow a remote authenticated actor to extract the HMAC signing key from SageMaker API responses and forge valid integrity signatures for specially crafted model artifacts, achieving code execution in inference containers. This issue requires a remote authenticated actor with permissions to call SageMaker describe APIs and S3 write access to the model artifact path. To remediate this issue, we recommend upgrading to Amazon SageMaker Python SDK v2.257.2 or v3.8.0 and rebuild any models previously created with ModelBuilder using the updated SDK.

Type: Title
  Values Removed: (none)
  Values Added: Cleartext storage of HMAC signing key in Amazon SageMaker Python SDK ModelBuilder/Serve path

Type: First Time appeared
  Values Removed: (none)
  Values Added: Amazon Sagemaker Python Sdk; Amazon Sagemaker Python Sdk aws

Type: Weaknesses
  Values Removed: (none)
  Values Added: CWE-312

Type: CPEs
  Values Removed: (none)
  Values Added: cpe:2.3:a:amazon_sagemaker_python_sdk:aws:*:*:*:*:*:*:*:*

Type: Vendors & Products
  Values Removed: (none)
  Values Added: Amazon Sagemaker Python Sdk; Amazon Sagemaker Python Sdk aws

Type: References
  Values Removed: (none)
  Values Added: (none listed)

Type: Metrics
  Values Removed: (none)
  Values Added: cvssV3_1 {'score': 7.2, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H'}; cvssV4_0 {'score': 8.5, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:H/SI:H/SA:H'}


MITRE

Status: PUBLISHED

Assigner: AMZN

Published:

Updated: 2026-05-15T13:30:37.604Z

Reserved: 2026-05-14T13:39:22.096Z

Link: CVE-2026-8596

Vulnrichment

Updated: 2026-05-15T13:30:32.491Z

NVD

Status : Awaiting Analysis

Published: 2026-05-14T20:17:21.183

Modified: 2026-05-15T14:10:17.083

Link: CVE-2026-8596

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-14T22:45:31Z

Weaknesses