CVE-2026-1778
Unknown Unknown - Not Provided
TLS Verification Bypass in Amazon SageMaker Python SDK Triton Import

Publication date: 2026-02-02

Last updated on: 2026-02-03

Assigner: AMZN

Description
Amazon SageMaker Python SDK before v3.1.1 or v2.256.0 disables TLS certificate verification for HTTPS connections made by the service when a Triton Python model is imported, incorrectly allowing for requests with invalid and self-signed certificates to succeed.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-02
Last Modified
2026-02-03
Generated
2026-06-16
AI Q&A
2026-02-03
EPSS Evaluated
2026-06-15
NVD
CVE-2026-1778
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
amazon sagemaker_python_sdk to 3.1.1|end_excluding=2.256.0 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-295 The product does not validate, or incorrectly validates, a certificate.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in the Amazon SageMaker Python SDK versions before v3.1.1 or v2.256.0, where TLS certificate verification is disabled for HTTPS connections when a Triton Python model is imported. This means the service incorrectly allows requests with invalid or self-signed certificates to succeed, potentially exposing the system to man-in-the-middle attacks or other security risks.

Impact Analysis

The vulnerability can impact you by allowing attackers to intercept or manipulate HTTPS traffic between your service and external endpoints due to the acceptance of invalid or self-signed TLS certificates. This can lead to unauthorized data modification or injection, compromising the integrity of your data and potentially leading to security breaches.

Mitigation Strategies

Upgrade the Amazon SageMaker Python SDK to version 3.1.1 or later, or version 2.256.0 or later, to ensure TLS certificate verification is properly enabled and requests with invalid or self-signed certificates are rejected.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-1778. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart