CVE-2026-9291

Summary

Insecure deserialization in the job results processing component in Amazon Braket SDK before 1.117.0 might allow a remote authenticated user with S3 write access to the job output bucket to achieve arbitrary code execution on any machine that processes job results.

We recommend you upgrade to amazon-braket-sdk version 1.117.0 or later.

Affected Software

VendorProductVersion RangeStatus
AWSAmazon Braket Python SDK1.10.0 < 1.117.0affected

Weaknesses

  • CWE-502: CWE-502 Deserialization of untrusted data

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References