CVE-2026-1778

Summary

Amazon SageMaker Python SDK before v3.1.1 or v2.256.0 disables TLS certificate verification for HTTPS connections made by the service when a Triton Python model is imported, incorrectly allowing for requests with invalid and self-signed certificates to succeed.

Affected Software

VendorProductVersion RangeStatus
AWSSageMaker Python SDK3.1.1unaffected
AWSSageMaker Python SDK2.256.0unaffected

Weaknesses

  • CWE-295: CWE-295 Improper Certificate Validation

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References