Cyber Resilience

CVE-2026-1777

High

Published: 02 February 2026

Published
02 February 2026
Modified
15 April 2026
KEV Added
Patch
CVSS Score v4 8.5 CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0046 36.1th percentile
Risk Priority 55 floored blend · peak EPSS

Summary

CVE-2026-1777 is a high-severity Cleartext Transmission of Sensitive Information (CWE-319) vulnerability in Amazon SageMaker Python (inferred from references). Its CVSS base score is 8.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Unsecured Credentials (T1552); ranked at the 36.1th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

This vulnerability is AI-related — categorised as Machine Learning Libraries; in the Supply Chain and Deployment risk domain.

The strongest mitigations our analysis identified are NIST 800-53 SC-28 (Protection of Information at Rest) and AC-6 (Least Privilege).

Deeper analysis

CVE-2026-1777 is a vulnerability in the Amazon SageMaker Python SDK versions prior to v3.2.0 and v2.256.0, where the ModelBuilder HMAC signing key is exposed in cleartext within the response elements of the DescribeTrainingJob function. This issue, classified under CWE-319 (Cleartext Storage of Sensitive Information), carries a CVSS v3.1 base score of 7.2 (AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H), indicating high impact on confidentiality, integrity, and availability.

Exploitation requires a third party with permissions to invoke the DescribeTrainingJob API and to modify objects in the associated Training Jobs S3 output location. Such an attacker can capture the exposed HMAC key and use it to upload arbitrary artifacts to the S3 bucket, which are then executed automatically upon the next invocation of the Training Job.

AWS security bulletin 2026-004 and the associated GitHub security advisory (GHSA-rjrp-m2jw-pv9c) recommend upgrading to Amazon SageMaker Python SDK v3.2.0 or v2.256.0 as the primary mitigation. Release notes for these versions on GitHub confirm the fixes addressing the cleartext key exposure.

This vulnerability is particularly relevant to AI/ML workflows in AWS SageMaker, where compromised training jobs could lead to arbitrary code execution in machine learning pipelines.

OWASP Top 10 for Web (2025)

EU & UK References

Vulnerability details

The Amazon SageMaker Python SDK before v3.2.0 and v2.256.0 includes the ModelBuilder HMAC signing key in the cleartext response elements of the DescribeTrainingJob function. A third party with permissions to both call this API and permissions to modify objects in…

more

the Training Jobs S3 output location may have the ability to upload arbitrary artifacts which are executed the next time the Training Job is invoked.

CWE(s)

AI Security AnalysisAI

AI Category
Machine Learning Libraries
Risk Domain
Supply Chain and Deployment
OWASP Top 10 for LLMs 2025
None mapped
Classification Reason
Matched keywords: sagemaker

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1552 Unsecured Credentials Credential Access
Adversaries may search compromised systems to find and obtain insecurely stored credentials.
T1565.001 Stored Data Manipulation Impact
Adversaries may insert, delete, or manipulate data at rest in order to influence external outcomes or hide activity, thus threatening the integrity of the data.
T1105 Ingress Tool Transfer Command And Control
Adversaries may transfer tools or other files from an external system into a compromised environment.
Why these techniques?

HMAC key exposure directly matches T1552 (Unsecured Credentials); attacker use of key to upload/poison S3 artifacts matches T1565.001 (Stored Data Manipulation) and T1105 (Ingress Tool Transfer) leading to automatic execution in training jobs.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2025-58107Shared CWE-319
CVE-2025-67159Shared CWE-319
CVE-2025-10174Shared CWE-319
CVE-2026-45432Shared CWE-319
CVE-2025-13718Shared CWE-319
CVE-2026-31923Shared CWE-319
CVE-2026-30796Shared CWE-319
CVE-2023-53875Shared CWE-319
CVE-2025-34271Shared CWE-319
CVE-2025-24849Shared CWE-319

Affected Assets

Amazon
SageMaker Python
inferred from references and description; NVD did not file a CPE for this CVE

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly prevents cleartext exposure of the HMAC signing key in DescribeTrainingJob responses (CWE-319).

prevent

Limits a single identity from holding both DescribeTrainingJob API permissions and S3 object modification rights needed for exploitation.

prevent

Requires cryptographic integrity verification of training artifacts before execution, blocking use of attacker-uploaded malicious objects.

References