Issue with Amazon SageMaker Python SDK - Model artifact integrity verification issues (CVE-2026-8596 & CVE-2026-8597)
Amazon SageMaker · 2026-06-05
Technical Details
| Affected Versions | v2.199.0 to v2.257.1, v3.0.0 to v3.7.1 |
|---|---|
| Regions | all |
| CVE IDs | CVE-2026-8596, CVE-2026-8597 |
| Migration Required | Yes |
| Cost Impact | Neutral |
| IaC Impact | High |
What This Means
For DevOps Teams
Update the Amazon SageMaker Python SDK to v2.257.2 or v3.8.0 to address CVE-2026-8596 and CVE-2026-8597, then rebuild any models previously created with ModelBuilder using the updated SDK so that the HMAC key is removed from the container environment variables.
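A check a DevOps team could run over pinned dependencies, as an added example that is not part of the advisory or the SDK: it flags exact `sagemaker` pins that fall inside the affected ranges in the table above. The sample requirements text is constructed, and pairing each range with a fixed release by major version is an assumption.

```python
import re

# Affected ranges and fixed releases from the advisory table above.
# Assumption: each range is paired with the fixed release of the same major line.
AFFECTED = [((2, 199, 0), (2, 257, 1), "2.257.2"),
            ((3, 0, 0), (3, 7, 1), "3.8.0")]

# Exact pins such as "sagemaker==2.250.0" or "sagemaker[local]==3.1.0".
PIN = re.compile(r"^\s*sagemaker(?:\[[^\]]*\])?\s*==\s*v?(\d+)\.(\d+)\.(\d+)\s*(?:[;#].*)?$", re.I)
# Any other requirement on the sagemaker package itself (not sagemaker-core etc.).
NAMED = re.compile(r"^\s*sagemaker\b(?![-_.\w])", re.I)

# Constructed sample input; the versions of other packages are illustrative only.
SAMPLE = """\
boto3==1.34.0
sagemaker==2.250.0
sagemaker[local]==3.8.0   # already on the fixed v3 release
sagemaker-core==1.0.17
sagemaker>=2.199
sagemaker==2.198.0
"""


def classify(version):
    """Return ("affected", fixed_release) or ("outside-range", None) for a version tuple."""
    for low, high, fixed in AFFECTED:
        if low <= version <= high:
            return "affected", fixed
    return "outside-range", None


def audit_requirements(text):
    """Scan requirements-style text; return (line_no, version, status, fixed) tuples."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        match = PIN.match(line)
        if match:
            version = tuple(int(part) for part in match.groups())
            status, fixed = classify(version)
            findings.append((line_no, ".".join(map(str, version)), status, fixed))
        elif NAMED.match(line):
            # Ranges and unpinned entries cannot be judged from the file alone.
            findings.append((line_no, None, "needs-review", None))
    return findings


if __name__ == "__main__":
    for finding in audit_requirements(SAMPLE):
        print(finding)
```

Moving a pin to a fixed release does not change models already built; those still need the ModelBuilder rebuild described above.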
For Platform Teams
Adopt the latest Amazon SageMaker Python SDK versions to enhance security and integrity verification mechanisms for model artifacts, reducing the risk of unauthorized code execution and ensuring the reliability of machine learning deployments.
For Executives
Implement the latest Amazon SageMaker Python SDK to mitigate security risks associated with model artifact integrity verification issues, ensuring the protection of sensitive information and preventing unauthorized code execution in inference containers.