Lucene search
K

147 matches found

ATTACKERKB
ATTACKERKB
added 2026/05/14 7:37 p.m.8 views

CVE-2026-8597

Missing integrity verification in the Triton inference handler in Amazon SageMaker Python SDK v2 before v2.257.2 and v3 before v3.8.0 might allow a remote authenticated actor to achieve code execution in inference containers via replacement of model artifacts in S3 with a specially crafted pickle...

7.2CVSS6.2AI score0.0039EPSS
Exploits0References5Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/14 7:37 p.m.9 views

CVE-2026-8597 Missing integrity verification in Triton inference handler in Amazon SageMaker Python SDK

Missing integrity verification in the Triton inference handler in Amazon SageMaker Python SDK v2 before v2.257.2 and v3 before v3.8.0 might allow a remote authenticated actor to achieve code execution in inference containers via replacement of model artifacts in S3 with a specially crafted pickle...

7.2CVSS6.2AI score0.0039EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/05/14 7:35 p.m.7 views

CVE-2026-8596 Cleartext storage of HMAC signing key in Amazon SageMaker Python SDK ModelBuilder/Serve path

Cleartext storage of sensitive information in the ModelBuilder/Serve component in Amazon SageMaker Python SDK before v2.257.2 and v3 before v3.8.0 might allow a remote authenticated actor to extract the HMAC signing key from SageMaker API responses and forge valid integrity signatures for special...

8.5CVSS6.2AI score0.00439EPSS
Exploits0References4
CVE
CVE
added 2026/05/14 7:35 p.m.20 views

CVE-2026-8596

CVE-2026-8596: The ModelBuilder/Serve path in the Amazon SageMaker Python SDK stores the HMAC signing key in cleartext. A remote, authenticated actor with SageMaker describe API permissions and S3 write access to the model artifact path could extract the key from API responses and forge integrity...

8.5CVSS6.2AI score0.00439EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/05/14 12:0 a.m.22 views

PT-2026-41118

Name of the Vulnerable Software and Affected Versions Amazon SageMaker Python SDK versions prior to 2.257.2 Amazon SageMaker Python SDK versions prior to 3.8.0 Description Missing integrity verification in the Triton inference handler allows a remote authenticated actor with S3 write access to th...

7.2CVSS6.2AI score0.0039EPSS
Exploits0References10
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.11 views

Amazon SageMaker Python SDK 安全漏洞

Amazon SageMaker Python SDK is a development toolkit provided by Amazon, Inc., for building, training, and deploying machine learning models. Versions of the Amazon SageMaker Python SDK prior to v2.257.2 and v3.8.0 contained security vulnerabilities. These vulnerabilities stemmed from a lack of...

7.2CVSS6AI score0.0039EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/14 12:0 a.m.13 views

PT-2026-41117

Name of the Vulnerable Software and Affected Versions Amazon SageMaker Python SDK versions prior to 2.257.2 Amazon SageMaker Python SDK versions prior to 3.8.0 Description The ModelBuilder/Serve component stores sensitive information in cleartext. A remote authenticated actor with permissions to...

8.5CVSS6.2AI score0.00439EPSS
Exploits0References9
vulnersOsv
vulnersOsv
added 2026/05/11 9:31 p.m.9 views

a2 (>=0.1.0 <=0.3.17), abnativ (>=1.1.0 <=1.2.9) +346 more potentially affected by CVE-2026-2614 via mlflow (>=0.8.2 <=3.0.1)

mlflow PYPI version =0.8.2, =0.1.0, =1.1.0, =0.0.5, =0.1.0, =0.1.0, =1.7.0, =1.7.0, =1.8.0, =1.7.0, =1.7.0, =0.1.1, =0.1.5 - anovos =1.1.0 and more Source cves: CVE-2026-2614 Source advisory: OSV:GHSA-42H5-H8QH-VV9V...

7.5CVSS7AI score0.00696EPSS
Exploits1
OSV
OSV
added 2026/04/16 11:45 p.m.7 views

BIT-MLFLOW-2025-14287 Command Injection in mlflow/mlflow

A command injection vulnerability exists in mlflow/mlflow versions before v3.7.0, specifically in the mlflow/sagemaker/init.py file at lines 161-167. The vulnerability arises from the direct interpolation of user-supplied container image names into shell commands without proper sanitization, whic...

8.8CVSS7.4AI score0.01456EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2026/03/26 3:5 p.m.5 views

CVE-2025-33238

NVIDIA Triton Inference Server Sagemaker HTTP server contains a vulnerability where an attacker may cause an exception. A successful exploit of this vulnerability may lead to denial of service...

7.5CVSS5.8AI score0.00323EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/24 9:31 p.m.7 views

EUVD-2025-208968

NVIDIA Triton Inference Server Sagemaker HTTP server contains a vulnerability where an attacker may cause an exception. A successful exploit of this vulnerability may lead to denial of service...

7.5CVSS5.8AI score0.00323EPSS
Exploits0References3
NVD
NVD
added 2026/03/24 9:16 p.m.2 views

CVE-2025-33238

NVIDIA Triton Inference Server Sagemaker HTTP server contains a vulnerability where an attacker may cause an exception. A successful exploit of this vulnerability may lead to denial of service...

7.5CVSS0.00323EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/03/24 8:25 p.m.4 views

CVE-2025-33238

NVIDIA Triton Inference Server Sagemaker HTTP server contains a vulnerability where an attacker may cause an exception. A successful exploit of this vulnerability may lead to denial of service...

7.5CVSS5.8AI score0.00323EPSS
Exploits0References4
CVE
CVE
added 2026/03/24 8:25 p.m.12 views

CVE-2025-33238

Summary: CVE-2025-33238 affects NVIDIA Triton Inference Server. The connected document details that the JSON-based HTTP endpoint (Sagemaker HTTP server) can trigger an exception, potentially leading to a denial of service. The risk is described with a CVSS-like vector and a base score of 7.5 (Hig...

7.5CVSS5.8AI score0.00323EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2026/03/24 8:25 p.m.22 views

CVE-2025-33238

NVIDIA Triton Inference Server Sagemaker HTTP server contains a vulnerability where an attacker may cause an exception. A successful exploit of this vulnerability may lead to denial of service...

7.5CVSS0.00323EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/03/24 8:25 p.m.1 views

CVE-2025-33238

NVIDIA Triton Inference Server Sagemaker HTTP server contains a vulnerability where an attacker may cause an exception. A successful exploit of this vulnerability may lead to denial of service...

7.5CVSS5.8AI score0.00323EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/03/24 12:0 a.m.9 views

NVIDIA Triton Inference Server 竞争条件问题漏洞

NVIDIA Triton Inference Server is an open-source software developed by NVIDIA Corporation. It helps standardize model deployment and provide fast, scalable AI in production environments. There is a vulnerability in NVIDIA Triton Inference Server Sagemaker HTTP server, which may lead to exceptions...

7.5CVSS5.8AI score0.00323EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/03/24 12:0 a.m.5 views

PT-2026-27502

NVIDIA Triton Inference Server Sagemaker HTTP server contains a vulnerability where an attacker may cause an exception. A successful exploit of this vulnerability may lead to denial of service...

7.5CVSS5.8AI score0.00323EPSS
Exploits0References4
EUVD
EUVD
added 2026/03/16 3:30 p.m.5 views

EUVD-2025-208671

A command injection vulnerability exists in mlflow/mlflow versions before v3.7.0, specifically in the mlflow/sagemaker/init.py file at lines 161-167. The vulnerability arises from the direct interpolation of user-supplied container image names into shell commands without proper sanitization, whic...

7.5CVSS6.1AI score0.01456EPSS
Exploits1References2
OSV
OSV
added 2026/03/16 3:30 p.m.3 views

GHSA-XCH3-2F9X-WH9F MLflow has a command injection in mlflow/sagemaker/__init__.py

A command injection vulnerability exists in mlflow/mlflow versions before v3.7.0, specifically in the mlflow/sagemaker/init.py file at lines 161-167. The vulnerability arises from the direct interpolation of user-supplied container image names into shell commands without proper sanitization, whic...

7.5CVSS6.1AI score0.01456EPSS
Exploits1References6
Rows per page
Query Builder