Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CVE Vulnerability Details :
CVE-2026-1778
PUBLISHED
More InfoOfficial Page
Assigner-AMZN
Assigner Org ID-ff89ba41-3aa1-4d27-914a-91399e9639e5
View Known Exploited Vulnerability (KEV) details
Published At-02 Feb, 2026 | 20:14
Updated At-04 Feb, 2026 | 16:28
Rejected At-
▼CVE Numbering Authority (CNA)
TLS disabled by default in select aws/sagemaker-python-sdk configurations

Amazon SageMaker Python SDK before v3.1.1 or v2.256.0 disables TLS certificate verification for HTTPS connections made by the service when a Triton Python model is imported, incorrectly allowing for requests with invalid and self-signed certificates to succeed.

Affected Products
Vendor
AWS
Product
SageMaker Python SDK
Default Status
unaffected
Versions
Unaffected
  • 3.1.1
  • 2.256.0
Problem Types
TypeCWE IDDescription
CWECWE-295CWE-295 Improper Certificate Validation
Type: CWE
CWE ID: CWE-295
Description: CWE-295 Improper Certificate Validation
Metrics
VersionBase scoreBase severityVector
3.15.9MEDIUM
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
4.08.2HIGH
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
Version: 3.1
Base score: 5.9
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
Version: 4.0
Base score: 8.2
Base severity: HIGH
Vector:
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
Metrics Other Info
Impacts
CAPEC IDDescription
CAPEC-459CAPEC-459 Creating a Rogue Certification Authority Certificate
CAPEC ID: CAPEC-459
Description: CAPEC-459 Creating a Rogue Certification Authority Certificate
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://aws.amazon.com/security/security-bulletins/2026-004-AWS/
vendor-advisory
https://github.com/aws/sagemaker-python-sdk/security/advisories/GHSA-62rc-f4v9-h543
third-party-advisory
https://github.com/aws/sagemaker-python-sdk/releases/tag/v3.1.1
patch
https://github.com/aws/sagemaker-python-sdk/releases/tag/v2.256.0
patch
Hyperlink: https://aws.amazon.com/security/security-bulletins/2026-004-AWS/
Resource:
vendor-advisory
Hyperlink: https://github.com/aws/sagemaker-python-sdk/security/advisories/GHSA-62rc-f4v9-h543
Resource:
third-party-advisory
Hyperlink: https://github.com/aws/sagemaker-python-sdk/releases/tag/v3.1.1
Resource:
patch
Hyperlink: https://github.com/aws/sagemaker-python-sdk/releases/tag/v2.256.0
Resource:
patch
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
Details not found