CVE-2026-8597
Published: 14 May 2026
Summary
CVE-2026-8597 is a medium-severity Improper Validation of Integrity Check Value (CWE-354) vulnerability in Amazon SageMaker Python (inferred from references). Its CVSS base score is 6.4 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique Command and Scripting Interpreter: Python (T1059.006); it is ranked at the 14.0th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
This vulnerability is AI-related: it is categorised as Other Platforms, in the Supply Chain and Deployment risk domain.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-30423
Vulnerability details
Missing integrity verification in the Triton inference handler in Amazon SageMaker Python SDK v2 before v2.257.2 and v3 before v3.8.0 might allow a remote authenticated actor to achieve code execution in inference containers via replacement of model artifacts in S3 with a specially crafted pickle payload that is deserialized without verification. This issue requires a remote authenticated actor with S3 write access to the model artifact path. To remediate this issue, we recommend upgrading to Amazon SageMaker Python SDK v2.257.2 or v3.8.0 and rebuilding any Triton models previously created with ModelBuilder using the updated SDK.
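The weakness above (CWE-354) is the absence of an integrity check before the artifact is deserialized. The following added example, which is not Amazon SageMaker Python SDK code, shows the shape of the missing control: a hypothetical loader that pins SHA-256 digests at build time and refuses to call `pickle.loads` on any artifact that is unknown or does not match. The object key, the manifest and both artifact blobs are constructed for the demonstration.

```python
import hashlib
import hmac
import pickle

# Constructed sample artifacts standing in for model files fetched from S3.
# Both are harmless pickles; the second merely represents an object that was
# overwritten after the model was built (no malicious payload is modelled).
MODEL_KEY = "models/demo/model.pkl"  # hypothetical object key
GOOD_ARTIFACT = pickle.dumps({"weights": [0.1, 0.2]})
REPLACED_ARTIFACT = pickle.dumps({"weights": [9.9]})

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

# Digests pinned when the model was built. The manifest must live somewhere the
# artifact writer cannot modify (signed, or in a separate store); keeping it in
# the same writable bucket as the artifact defeats the check.
PINNED_DIGESTS = {MODEL_KEY: sha256_hex(GOOD_ARTIFACT)}

class ArtifactIntegrityError(Exception):
    """Raised when an artifact is unknown or does not match its pinned digest."""

def verify_artifact(key: str, data: bytes, manifest: dict) -> str:
    """Return the verified hex digest, or raise before any deserialization."""
    expected = manifest.get(key)
    if expected is None:
        raise ArtifactIntegrityError(f"no pinned digest for {key}")
    actual = sha256_hex(data)
    # Constant-time comparison so the check itself leaks nothing about the digest.
    if not hmac.compare_digest(actual, expected):
        raise ArtifactIntegrityError(f"digest mismatch for {key}")
    return actual

def load_artifact_verified(key: str, data: bytes, manifest: dict):
    """Deserialize only after the integrity check passed, never before."""
    verify_artifact(key, data, manifest)
    return pickle.loads(data)

def load_is_rejected(key: str, data: bytes, manifest: dict) -> bool:
    """True when the loader refuses the artifact without deserializing it."""
    try:
        load_artifact_verified(key, data, manifest)
    except ArtifactIntegrityError:
        return True
    return False

if __name__ == "__main__":
    print(load_artifact_verified(MODEL_KEY, GOOD_ARTIFACT, PINNED_DIGESTS))
    print(load_is_rejected(MODEL_KEY, REPLACED_ARTIFACT, PINNED_DIGESTS))
```

A digest pin only detects replacement of the artifact; it does not make pickle itself safe, so the manifest must be trustworthy and the loader must run the check before, not after, deserializing.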
- CWE(s)
AI Security Analysis
- AI Category: Other Platforms
- Risk Domain: Supply Chain and Deployment
- OWASP Top 10 for LLMs 2025: None mapped
- Classification Reason: Matched keywords: sagemaker
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
A missing integrity check on S3 model artifacts lets a remote authenticated attacker with write access upload a malicious pickle payload, which the Triton handler in the SageMaker Python SDK deserializes, directly resulting in arbitrary code execution via Python.
Mitigating Controls
Likely Mitigating Controls
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
- Proper validation of integrity check values is required for reliable tamper detection, directly reducing undetected modification risks.
- Requires validation of integrity check values on every resolution response, directly mitigating tampered or corrupted DNS data.
- Control mandates proper validation of integrity values (checksums) on prepared data, making flawed validation of those checks ineffective for attackers.
- Requires use of proper integrity verification tools, reducing the chance an incorrect check value is accepted.
- Requires proper validation of integrity mechanisms, directly mitigating flawed check-value handling.