Improper TLS Certificate Validation

SageMaker is vulnerable to Improper TLS Certificate Validation. The vulnerability is due to TLS certificate verification being disabled when importing Triton Python models, allowing HTTPS connections with invalid or self-signed certificates to succeed, which exposes applications to...

CVE-2026-1778 TLS disabled by default in select aws/sagemaker-python-sdk configurations

Amazon SageMaker Python SDK before v3.1.1 or v2.256.0 disables TLS certificate verification for HTTPS connections made by the service when a Triton Python model is imported, incorrectly allowing for requests with invalid and self-signed certificates to succeed...

Amazon SageMaker Python SDK 安全漏洞

Amazon SageMaker Python SDK is a development toolkit provided by Amazon, Inc., for building, training, and deploying machine learning models. Versions of the Amazon SageMaker Python SDK prior to v3.1.1 and v2.256.0 contained security vulnerabilities. These vulnerabilities stemmed from the disabli...

PT-2026-5709

Amazon SageMaker Python SDK before v3.1.1 or v2.256.0 disables TLS certificate verification for HTTPS connections made by the service when a Triton Python model is imported, incorrectly allowing for requests with invalid and self-signed certificates to succeed...