CNNVD-202602-057 Information
CNNVD ID
CNNVD-202602-057
Related CVE
- CNNVD Published: 2026-02-02
Description (Chinese)
Amazon SageMaker Python SDK是美国亚马逊(Amazon)公司的一个构件、训练和部署机器学习模型的开发者工具包。 Amazon SageMaker Python SDK v3.1.1之前版本和v2.256.0之前版本存在安全漏洞,该漏洞源于导入Triton Python模型时禁用TLS证书验证,可能导致接受无效和自签名证书的请求。
Description (English)
Amazon SageMaker Python SDK is a developer ’ s toolkit for a building block, training and deployment machine learning model for Amazon America. There is a security loophole in previous versions of Amazon SageMaker Python SDK v3.1.1, and in previous versions of v2.256.0, which stems from the ban on TLS certification when importing the Triton Python model, which may lead to the acceptance of requests for invalid and self-signed certificates.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
亚马逊
Published
2026-02-02
Last Modified
2026-02-24
References
https://aws.amazon.com/security/security-bulletins/2026-004-AWS/ https://access.redhat.com/security/cve/cve-2026-1778
Patch
https://aws.amazon.com/cn/security/security-bulletins/2026-004-AWS/
Share on: