← volver
CVE-2026-1778

TLS disabled by default in select aws/sagemaker-python-sdk configurations

CVSS 8.2 HIGHEPSS 0.2%CWE-295
Amazon SageMaker Python SDK before v3.1.1 or v2.256.0 disables TLS certificate verification for HTTPS connections made by the service when a Triton Python model is imported, incorrectly allowing for requests with invalid and self-signed certificates to succeed.
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
Productos afectados
AWS · SageMaker Python SDK

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://aws.amazon.com/security/security-bulletins/2026-004-AWS/https://github.com/aws/sagemaker-python-sdk/releases/tag/v2.256.0https://github.com/aws/sagemaker-python-sdk/releases/tag/v3.1.1https://github.com/aws/sagemaker-python-sdk/security/advisories/GHSA-62rc-f4v9-h543