147 matches found
CVE-2026-8597
Missing integrity verification in the Triton inference handler in Amazon SageMaker Python SDK v2 before v2.257.2 and v3 before v3.8.0 might allow a remote authenticated actor to achieve code execution in inference containers via replacement of model artifacts in S3 with a specially crafted pickle...
CVE-2026-8597 Missing integrity verification in Triton inference handler in Amazon SageMaker Python SDK
Missing integrity verification in the Triton inference handler in Amazon SageMaker Python SDK v2 before v2.257.2 and v3 before v3.8.0 might allow a remote authenticated actor to achieve code execution in inference containers via replacement of model artifacts in S3 with a specially crafted pickle...
CVE-2026-8596 Cleartext storage of HMAC signing key in Amazon SageMaker Python SDK ModelBuilder/Serve path
Cleartext storage of sensitive information in the ModelBuilder/Serve component in Amazon SageMaker Python SDK before v2.257.2 and v3 before v3.8.0 might allow a remote authenticated actor to extract the HMAC signing key from SageMaker API responses and forge valid integrity signatures for special...
CVE-2026-8596
CVE-2026-8596: The ModelBuilder/Serve path in the Amazon SageMaker Python SDK stores the HMAC signing key in cleartext. A remote, authenticated actor with SageMaker describe API permissions and S3 write access to the model artifact path could extract the key from API responses and forge integrity...
PT-2026-41118
Name of the Vulnerable Software and Affected Versions Amazon SageMaker Python SDK versions prior to 2.257.2 Amazon SageMaker Python SDK versions prior to 3.8.0 Description Missing integrity verification in the Triton inference handler allows a remote authenticated actor with S3 write access to th...
Amazon SageMaker Python SDK 安全漏洞
Amazon SageMaker Python SDK is a development toolkit provided by Amazon, Inc., for building, training, and deploying machine learning models. Versions of the Amazon SageMaker Python SDK prior to v2.257.2 and v3.8.0 contained security vulnerabilities. These vulnerabilities stemmed from a lack of...
PT-2026-41117
Name of the Vulnerable Software and Affected Versions Amazon SageMaker Python SDK versions prior to 2.257.2 Amazon SageMaker Python SDK versions prior to 3.8.0 Description The ModelBuilder/Serve component stores sensitive information in cleartext. A remote authenticated actor with permissions to...
a2 (>=0.1.0 <=0.3.17), abnativ (>=1.1.0 <=1.2.9) +346 more potentially affected by CVE-2026-2614 via mlflow (>=0.8.2 <=3.0.1)
mlflow PYPI version =0.8.2, =0.1.0, =1.1.0, =0.0.5, =0.1.0, =0.1.0, =1.7.0, =1.7.0, =1.8.0, =1.7.0, =1.7.0, =0.1.1, =0.1.5 - anovos =1.1.0 and more Source cves: CVE-2026-2614 Source advisory: OSV:GHSA-42H5-H8QH-VV9V...
BIT-MLFLOW-2025-14287 Command Injection in mlflow/mlflow
A command injection vulnerability exists in mlflow/mlflow versions before v3.7.0, specifically in the mlflow/sagemaker/init.py file at lines 161-167. The vulnerability arises from the direct interpolation of user-supplied container image names into shell commands without proper sanitization, whic...
CVE-2025-33238
NVIDIA Triton Inference Server Sagemaker HTTP server contains a vulnerability where an attacker may cause an exception. A successful exploit of this vulnerability may lead to denial of service...
EUVD-2025-208968
NVIDIA Triton Inference Server Sagemaker HTTP server contains a vulnerability where an attacker may cause an exception. A successful exploit of this vulnerability may lead to denial of service...
CVE-2025-33238
NVIDIA Triton Inference Server Sagemaker HTTP server contains a vulnerability where an attacker may cause an exception. A successful exploit of this vulnerability may lead to denial of service...
CVE-2025-33238
NVIDIA Triton Inference Server Sagemaker HTTP server contains a vulnerability where an attacker may cause an exception. A successful exploit of this vulnerability may lead to denial of service...
CVE-2025-33238
Summary: CVE-2025-33238 affects NVIDIA Triton Inference Server. The connected document details that the JSON-based HTTP endpoint (Sagemaker HTTP server) can trigger an exception, potentially leading to a denial of service. The risk is described with a CVSS-like vector and a base score of 7.5 (Hig...
CVE-2025-33238
NVIDIA Triton Inference Server Sagemaker HTTP server contains a vulnerability where an attacker may cause an exception. A successful exploit of this vulnerability may lead to denial of service...
CVE-2025-33238
NVIDIA Triton Inference Server Sagemaker HTTP server contains a vulnerability where an attacker may cause an exception. A successful exploit of this vulnerability may lead to denial of service...
NVIDIA Triton Inference Server 竞争条件问题漏洞
NVIDIA Triton Inference Server is an open-source software developed by NVIDIA Corporation. It helps standardize model deployment and provide fast, scalable AI in production environments. There is a vulnerability in NVIDIA Triton Inference Server Sagemaker HTTP server, which may lead to exceptions...
PT-2026-27502
NVIDIA Triton Inference Server Sagemaker HTTP server contains a vulnerability where an attacker may cause an exception. A successful exploit of this vulnerability may lead to denial of service...
EUVD-2025-208671
A command injection vulnerability exists in mlflow/mlflow versions before v3.7.0, specifically in the mlflow/sagemaker/init.py file at lines 161-167. The vulnerability arises from the direct interpolation of user-supplied container image names into shell commands without proper sanitization, whic...
GHSA-XCH3-2F9X-WH9F MLflow has a command injection in mlflow/sagemaker/__init__.py
A command injection vulnerability exists in mlflow/mlflow versions before v3.7.0, specifically in the mlflow/sagemaker/init.py file at lines 161-167. The vulnerability arises from the direct interpolation of user-supplied container image names into shell commands without proper sanitization, whic...