Medium severity 5.9 · OSV Advisory · Published Feb 2, 2026 · Updated Apr 15, 2026
CVE-2026-1778
Description
Amazon SageMaker Python SDK before v3.1.1 or v2.256.0 disables TLS certificate verification for HTTPS connections made by the service when a Triton Python model is imported, incorrectly allowing for requests with invalid and self-signed certificates to succeed.
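An added example (not code from the SDK or from this advisory): a Python check for the pattern described above, once statically over source text and once at runtime inside a process. The function names and sample sources are constructed for illustration; `ssl._create_default_https_context` is the private CPython attribute that appears in the fix commits.

```python
import ast
import ssl

ATTR = "_create_default_https_context"  # private CPython hook named in the fix commits

# Constructed sample modelled on the lines the patches delete (alias added on purpose).
SAMPLE_VULNERABLE = """\
import logging
import ssl as tls
logger = logging.getLogger(__name__)
tls._create_default_https_context = tls._create_unverified_context
"""
SAMPLE_PATCHED = "import logging\nlogger = logging.getLogger(__name__)\n"


def find_global_tls_overrides(source):
    """Static check: return (line, assigned_value) for every `ssl.<ATTR> = ...`."""
    tree = ast.parse(source)
    aliases = set()  # local names bound to the ssl module, e.g. `import ssl as tls`
    for node in ast.walk(tree):
        if isinstance(node, ast.Import):
            aliases.update(a.asname or a.name for a in node.names if a.name == "ssl")
    findings = []
    for node in ast.walk(tree):
        if not isinstance(node, ast.Assign):
            continue
        for target in node.targets:
            if (isinstance(target, ast.Attribute) and target.attr == ATTR
                    and isinstance(target.value, ast.Name)
                    and target.value.id in aliases):
                findings.append((node.lineno, ast.unparse(node.value)))
    return findings


def default_https_context_verifies():
    """Runtime check: does the context urllib builds by default still verify peers?"""
    ctx = getattr(ssl, ATTR)()
    return bool(ctx.verify_mode == ssl.CERT_REQUIRED and ctx.check_hostname)


if __name__ == "__main__":
    for name, src in (("vulnerable", SAMPLE_VULNERABLE), ("patched", SAMPLE_PATCHED)):
        print(name, find_global_tls_overrides(src))
    print("process default verifies:", default_https_context_verifies())
```

Calling the runtime check after importing third-party packages in a CI smoke test catches an import-time override, because the assignment affects every HTTPS connection in the process that does not pass its own context.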
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| sagemaker (PyPI) | >= 3.0, < 3.1.1 | 3.1.1 |
| sagemaker (PyPI) | < 2.256.0 | 2.256.0 |
Affected products
- Range: v1.0.0, v1.0.1, v1.0.2, …
Patches
5e7a3efa7bec ft: Remove insecure SSL context creation in Triton Python backend (#5372)
1 file changed · +0 −5
sagemaker-serve/src/sagemaker/serve/model_server/triton/model.py+0 −5 modified@@ -3,7 +3,6 @@ from __future__ import absolute_import import os import logging -import ssl from pathlib import Path import platform @@ -13,10 +12,6 @@ logger = logging.getLogger(__name__) -# Otherwise it will complain SSL: CERTIFICATE_VERIFY_FAILED -# When trying to download models from torchvision -ssl._create_default_https_context = ssl._create_unverified_context - TRITON_MODEL_DIR = os.getenv("TRITON_MODEL_DIR")
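Review bot: In the second hunk, the deleted comment says the override existed because torchvision model downloads failed with CERTIFICATE_VERIFY_FAILED, and the removal gives users who hit that error no replacement guidance. Suggest a release note or module docstring stating that the remedy is a correct CA bundle in the runtime environment (for example via the SSL_CERT_FILE variable), so that `ssl._create_default_https_context = ssl._create_unverified_context` does not reappear in user code as a workaround.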
c8098958910f Remove insecure SSL context creation in Triton Python backend (#5375)
1 file changed · +0 −5
src/sagemaker/serve/model_server/triton/model.py+0 −5 modified@@ -3,7 +3,6 @@ from __future__ import absolute_import import os import logging -import ssl from pathlib import Path import platform @@ -13,10 +12,6 @@ logger = logging.getLogger(__name__) -# Otherwise it will complain SSL: CERTIFICATE_VERIFY_FAILED -# When trying to download models from torchvision -ssl._create_default_https_context = ssl._create_unverified_context - TRITON_MODEL_DIR = os.getenv("TRITON_MODEL_DIR")
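Review bot: No test accompanies the removal (1 file changed, +0 −5), so nothing prevents the module-level assignment deleted in the second hunk from being reintroduced later. Suggest a unit test that imports this Triton model module and asserts that `ssl._create_default_https_context` is unchanged after the import.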
References
- github.com/advisories/GHSA-62rc-f4v9-h543 (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2026-1778 (ghsa, ADVISORY)
- aws.amazon.com/security/security-bulletins/2026-004-AWS (ghsa, WEB)
- github.com/aws/sagemaker-python-sdk/commit/5e7a3efa7bec0a161194ffa0cef346dda93bf2c6 (ghsa, WEB)
- github.com/aws/sagemaker-python-sdk/commit/c8098958910f7db78d07037425debfd4d44a6964 (ghsa, WEB)
- github.com/aws/sagemaker-python-sdk/releases/tag/v2.256.0 (nvd, WEB)
- github.com/aws/sagemaker-python-sdk/releases/tag/v3.1.1 (nvd, WEB)
- github.com/aws/sagemaker-python-sdk/security/advisories/GHSA-62rc-f4v9-h543 (nvd, WEB)
- aws.amazon.com/security/security-bulletins/2026-004-AWS/ (nvd)