CVE-2026-1778
📋 TL;DR
This vulnerability in Amazon SageMaker Python SDK disables TLS certificate verification when importing Triton Python models, allowing HTTPS connections with invalid or self-signed certificates. This affects users of SageMaker Python SDK who import Triton models, potentially enabling man-in-the-middle attacks.
💻 Affected Systems
- Amazon SageMaker Python SDK
⚠️ Risk & Real-World Impact
Worst Case
Attackers could intercept and manipulate model data, inject malicious code into models, or steal sensitive training data through man-in-the-middle attacks.
Likely Case
Data integrity compromise during model import/export, potential data leakage if attackers intercept connections.
If Mitigated
Limited impact if network controls prevent external connections or if all endpoints use trusted certificates.
🎯 Exploit Status
Exploitation requires man-in-the-middle position between SageMaker and model source.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: v2.256.0 or v3.1.1
Vendor Advisory: https://aws.amazon.com/security/security-bulletins/2026-004-AWS/
Restart Required: No
Instructions:
1. Update SageMaker Python SDK: pip install --upgrade "sagemaker>=2.256.0" (2.x line) or pip install --upgrade "sagemaker>=3.1.1" (3.x line). Quote the specifier so the shell does not treat >= as a redirect.
2. Verify no code overrides TLS verification settings.
3. Test Triton model imports after update.
🔧 Temporary Workarounds
Environment variable override
Force TLS verification via environment variable
export PYTHONHTTPSVERIFY=1
Python code workaround
Explicitly enable TLS verification in Python code before importing models
import ssl
# Restore the verifying default context used by urllib-based HTTPS connections
ssl._create_default_https_context = ssl.create_default_context
🧯 If You Can't Patch
- Restrict network access to only trusted model sources using firewalls or network policies.
- Use VPN or private endpoints for all model import connections to prevent interception.
🔍 How to Verify
Check if Vulnerable:
Check the installed SDK version with pip show sagemaker | grep Version. A 2.x release below 2.256.0 or a 3.x release below 3.1.1 is unpatched; you are exposed if that version is used to import Triton models.
Check Version:
pip show sagemaker | grep Version
Verify Fix Applied:
After update, test importing a Triton model while monitoring network traffic for proper TLS handshake.
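As an added check (example code written for this note, not part of the advisory or the SageMaker SDK), the script below applies the version rule above to the installed package and also reports whether the process's default HTTPS context still verifies certificates and hostnames. It assumes the fixed versions 2.256.0 and 3.1.1 from the advisory and treats any major version above 3 as already fixed.

```python
import ssl
import importlib.metadata  # stdlib, Python 3.8+

# Fixed versions stated in the advisory: 2.256.0 on the 2.x line, 3.1.1 on the 3.x line.
FIXED_VERSIONS = {2: (2, 256, 0), 3: (3, 1, 1)}


def parse_version(version: str) -> tuple:
    """Turn '2.255.0' into (2, 255, 0); trailing tags such as 'rc1' are dropped."""
    parts = []
    for piece in version.split("."):
        digits = ""
        for ch in piece:
            if not ch.isdigit():
                break
            digits += ch
        if not digits:
            break
        parts.append(int(digits))
    while len(parts) < 3:
        parts.append(0)
    return tuple(parts[:3])


def is_vulnerable_version(version: str) -> bool:
    """True when the SDK version predates the fix on its release line."""
    parsed = parse_version(version)
    fixed = FIXED_VERSIONS.get(parsed[0])
    if fixed is None:
        # Assumption: anything older than 2.x is unfixed, majors above 3 are fixed.
        return parsed < (2, 256, 0)
    return parsed < fixed


def installed_sagemaker_version():
    """Installed 'sagemaker' distribution version, or None if not installed."""
    try:
        return importlib.metadata.version("sagemaker")
    except importlib.metadata.PackageNotFoundError:
        return None


def context_verifies(ctx: ssl.SSLContext) -> bool:
    """True when the context demands a trusted certificate and checks the hostname."""
    return ctx.verify_mode == ssl.CERT_REQUIRED and bool(ctx.check_hostname)


def default_https_context_verifies() -> bool:
    """True when urllib's process-wide default HTTPS context has not been weakened."""
    return context_verifies(ssl._create_default_https_context())


if __name__ == "__main__":
    ver = installed_sagemaker_version()
    print("sagemaker:", ver, "vulnerable" if ver and is_vulnerable_version(ver) else "ok")
    print("default HTTPS context verifies:", default_https_context_verifies())
```

Run it inside the same interpreter that performs the Triton import; a False from default_https_context_verifies() means something in the process has already replaced the verifying context.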
📡 Detection & Monitoring
Log Indicators:
- TLS certificate validation failures or warnings being suppressed rather than surfaced
- HTTPS connections to untrusted sources
Network Indicators:
- HTTPS connections accepting self-signed certificates during model import
- Unusual outbound connections during SageMaker operations
SIEM Query:
source="sagemaker" AND ("certificate" OR "TLS" OR "SSL") AND ("ignore" OR "disable" OR "bypass")