Cyber Resilience

CVE-2026-8597

Medium

Published: 14 May 2026

Published
14 May 2026
Modified
15 May 2026
KEV Added
Patch
CVSS Score v4 6.4 CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0004 14.0th percentile
Risk Priority 13 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-8597 is a medium-severity Improper Validation of Integrity Check Value (CWE-354) vulnerability in Amazon SageMaker Python (inferred from references). Its CVSS base score is 6.4 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Python (T1059.006); ranked at the 14.0th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

This vulnerability is AI-related — categorised as Other Platforms; in the Supply Chain and Deployment risk domain.

EU & UK References

Vulnerability details

Missing integrity verification in the Triton inference handler in Amazon SageMaker Python SDK v2 before v2.257.2 and v3 before v3.8.0 might allow a remote authenticated actor to achieve code execution in inference containers via replacement of model artifacts in S3…

more

with a specially crafted pickle payload that is deserialized without verification. This issue requires a remote authenticated actor with S3 write access to the model artifact path. To remediate this issue, we recommend upgrading to Amazon SageMaker Python SDK v2.257.2 or v3.8.0 and rebuild any Triton models previously created with ModelBuilder using the updated SDK.

CWE(s)

AI Security AnalysisAI

AI Category
Other Platforms
Risk Domain
Supply Chain and Deployment
OWASP Top 10 for LLMs 2025
None mapped
Classification Reason
Matched keywords: sagemaker

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1059.006 Python Execution
Adversaries may abuse Python commands and scripts for execution.
Why these techniques?

Missing integrity check on S3 model artifacts enables remote authenticated attacker with write access to upload malicious pickle payload, which is deserialized by the Triton handler in the SageMaker Python SDK, directly resulting in arbitrary code execution via Python.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2023-48795Shared CWE-354
CVE-2026-32105Shared CWE-354
CVE-2026-32313Shared CWE-354
CVE-2026-28402Shared CWE-354
CVE-2026-32600Shared CWE-354
CVE-2026-31839Shared CWE-354
CVE-2026-5479Shared CWE-354
CVE-2026-28498Shared CWE-354
CVE-2026-26275Shared CWE-354
CVE-2026-33026Shared CWE-354

Affected Assets

Amazon
SageMaker Python
inferred from references and description; NVD did not file a CPE for this CVE

Mitigating Controls

Likely Mitigating Controls AI

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

addresses: CWE-354

Proper validation of integrity check values is required for reliable tamper detection, directly reducing undetected modification risks.

addresses: CWE-354

Requires validation of integrity check values on every resolution response, directly mitigating tampered or corrupted DNS data.

addresses: CWE-354

Control mandates proper validation of integrity values (checksums) on prepared data, making flawed validation of those checks ineffective for attackers.

addresses: CWE-354

Requires use of proper integrity verification tools, reducing the chance an incorrect check value is accepted.

addresses: CWE-354

Requires proper validation of integrity mechanisms, directly mitigating flawed check-value handling.

References