CVE-2026-8597
CVE-2026-8597 is a high-severity vulnerability with a CVSS 3.x base score of 7.2. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low. The underlying weakness is classified as CWE-354.
Key facts
- Severity: High (CVSS 3.x base score 7.2)
- CVSS v4: 6.4
- EPSS exploit prediction: 0% (31st percentile)
- Actively exploited: Not listed in CISA KEV
- EU (EUVD) id: EUVD-2026-30423
- Weakness: CWE-354
- Published:
- Last modified:
Description
Missing integrity verification in the Triton inference handler in Amazon SageMaker Python SDK v2 before v2.257.2 and v3 before v3.8.0 might allow a remote authenticated actor to achieve code execution in inference containers via replacement of model artifacts in S3 with a specially crafted pickle payload that is deserialized without verification. This issue requires a remote authenticated actor with S3 write access to the model artifact path. To remediate this issue, we recommend upgrading to Amazon SageMaker Python SDK v2.257.2 or v3.8.0 and rebuild any Triton models previously created with ModelBuilder using the updated SDK.
Frequently asked questions
- What is CVE-2026-8597?
- Missing integrity verification in the Triton inference handler in Amazon SageMaker Python SDK v2 before v2.257.2 and v3 before v3.8.0 might allow a remote authenticated actor to achieve code execution in inference containers via replacement of model artifacts in S3 with a specially crafted pickle payload that is deserialized without verification. This issue requires a remote authenticated actor with S3 write access to the model artifact path. To remediate this issue, we recommend upgrading to Amazon SageMaker Python SDK v2.257.2 or v3.8.0 and rebuild any Triton models previously created with ModelBuilder using the updated SDK.
- How severe is CVE-2026-8597?
- CVE-2026-8597 has a CVSS 3.x base score of 7.2, rated high severity. It is exploitable over network with low attack complexity, requires high privileges and no user interaction. Impact on confidentiality is high, integrity high, and availability high.
- Is CVE-2026-8597 being actively exploited?
- It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 0% (31st percentile), an estimate of the probability of exploitation in the next 30 days.
- How do I fix CVE-2026-8597?
- Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround. Given its high severity, prioritise patching exposed systems.
- Does CVE-2026-8597 have an EU (EUVD) identifier?
- Yes. CVE-2026-8597 is tracked in the ENISA EU Vulnerability Database (EUVD) as EUVD-2026-30423.
- When was CVE-2026-8597 published?
- CVE-2026-8597 was published on 2026-05-14 and last updated on 2026-06-17.
References
- https://aws.amazon.com/security/security-bulletins/2026-031-aws/
- https://github.com/aws/sagemaker-python-sdk/releases/tag/v2.257.2
- https://github.com/aws/sagemaker-python-sdk/releases/tag/v3.8.0
- https://github.com/aws/sagemaker-python-sdk/security/advisories/GHSA-rq6v-x3j8-7qgf
Other CWE-354 vulnerabilities
- CVE-2025-11543 — Critical (CVSS 9.8): Improper Validation of Integrity Check Value vulnerability in Sharp Display Solutions projectors allows a attacker may…
- CVE-2024-25678 — Critical (CVSS 9.8): In LiteSpeed QUIC (LSQUIC) Library before 4.0.4, DCID validation is mishandled.
- CVE-2023-33668 — Critical (CVSS 9.8): DigiExam up to v14.0.2 lacks integrity checks for native modules, allowing attackers to access PII and takeover…
- CVE-2017-15994 — Critical (CVSS 9.8): rsync 3.1.3-development before 2017-10-24 mishandles archaic checksums, which makes it easier for remote attackers to…
- CVE-2026-49230 — Critical (CVSS 9.1): Improper Validation of Integrity Check Value vulnerability in Apache APISIX. The jwe-decrypt plugin under default…
- CVE-2026-34182 — Critical (CVSS 9.1): Issue Summary: Cryptographic Message Services (CMS) processing fails to perform sufficient input validation on the…