CVE-2026-1777

Severity: HIGH
Published: 2026-02-02
ff89ba41-3aa1-4d27-914a-91399e9639e5
GitHub Advisory: GHSA-rjrp-m2jw-pv9c
CVSS 3.1 Base Score: 7.2

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Attack Vector: Network
Attack Complexity: Low
Privileges Required: High
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High

Lifecycle Timeline

Patch Released: Mar 31, 2026 - 21:13 (nvd), patch available
Analysis Generated: Mar 12, 2026 - 22:01 (vuln.today)
CVE Published: Feb 02, 2026 - 23:16 (nvd)

Description

The Amazon SageMaker Python SDK before v3.2.0 and v2.256.0 includes the ModelBuilder HMAC signing key in the cleartext response elements of the DescribeTrainingJob function. A third party with permission both to call this API and to modify objects in the Training Job's S3 output location may be able to upload arbitrary artifacts that are executed the next time the Training Job is invoked.

Analysis

Amazon SageMaker Python SDK versions before 3.2.0 and 2.256.0 expose the ModelBuilder HMAC signing key in cleartext API responses, allowing authenticated users with S3 bucket write access to inject malicious artifacts into training jobs that execute with elevated privileges. An attacker with dual permissions to call the DescribeTrainingJob API and modify the training output S3 location can achieve arbitrary code execution when the compromised job runs. …


Remediation

Within 24 hours: Inventory all SageMaker deployments and identify those running SDK versions before v3.2.0 or v2.256.0; restrict API access to DescribeTrainingJob through IAM policies and network controls. Within 7 days: Rotate all ModelBuilder HMAC signing keys and secrets associated with affected SageMaker instances; implement enhanced monitoring for unauthorized API calls and key usage. …
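To support the inventory step above, here is an added version check (not code from vuln.today or the SageMaker project) that flags `sagemaker` SDK installs still on the pre-fix side of either release line named in the advisory. It assumes the fix shipped on both lines, so 2.256.0 and later on the 2.x line counts as fixed, and it reads constructed `pip freeze` output rather than a live host.

```python
"""Flag Amazon SageMaker Python SDK installs affected by CVE-2026-1777.

Fixed releases per the advisory: 3.2.0 (3.x line) and 2.256.0 (2.x line).
Assumption: both lines carry the fix, so 2.256.0 <= v < 3.0.0 is fixed.
Input is constructed `pip freeze`-style text; in practice collect it from
each notebook instance, container image or CI environment.
"""
import re

FIXED_V3 = (3, 2, 0)
FIXED_V2 = (2, 256, 0)


def parse_version(text):
    """Turn '2.245.1' into (2, 245, 1); suffixes such as 'rc1' are ignored."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", text.strip())
    if not m:
        raise ValueError(f"unparseable version: {text!r}")
    return (int(m.group(1)), int(m.group(2)), int(m.group(3) or 0))


def is_affected(version):
    """True if this sagemaker SDK version predates the fix on its release line.

    3.0.0 <= v < 3.2.0 is affected; anything below 2.256.0 is affected;
    2.256.0 <= v < 3.0.0 and v >= 3.2.0 carry the fix.
    """
    v = parse_version(version)
    if v[0] >= 3:
        return v < FIXED_V3
    return v < FIXED_V2


def scan_freeze(freeze_text):
    """Map each 'sagemaker==X' pin in a pip freeze dump to its affected status."""
    found = {}
    for line in freeze_text.splitlines():
        m = re.match(r"^sagemaker==(\S+)", line.strip(), re.IGNORECASE)
        if m:
            found[m.group(1)] = is_affected(m.group(1))
    return found


# Constructed sample dump; one such dump per host in a real inventory.
SAMPLE_FREEZE = """\
boto3==1.34.0
sagemaker==2.245.1
"""

if __name__ == "__main__":
    for ver, hit in scan_freeze(SAMPLE_FREEZE).items():
        print(f"sagemaker=={ver}: {'AFFECTED, upgrade' if hit else 'fixed'}")
```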


Priority Score

Priority Score: 36 (scale: Low / Medium / High / Critical)
KEV: 0
EPSS: +0.0
CVSS: +36
POC: 0


CVE-2026-1777 vulnerability details – vuln.today
