{"id":"CVE-2026-8596","summary":"Cleartext storage of HMAC signing key in Amazon SageMaker Python SDK ModelBuilder/Serve path","details":"Cleartext storage of sensitive information in the ModelBuilder/Serve component in Amazon SageMaker Python SDK before v2.257.2 and v3 before v3.8.0 might allow a remote authenticated actor to extract the HMAC signing key from SageMaker API responses and forge valid integrity signatures for specially crafted model artifacts, achieving code execution in inference containers. This issue requires a remote authenticated actor with permissions to call SageMaker describe APIs and S3 write access to the model artifact path.\n\n\n\nTo remediate this issue, we recommend upgrading to Amazon SageMaker Python SDK v2.257.2 or v3.8.0 and rebuild any models previously created with ModelBuilder using the updated SDK.","aliases":["GHSA-7hh5-prp2-mfh5"],"modified":"2026-07-08T08:13:52.352584526Z","published":"2026-05-14T19:35:51.421Z","database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/8xxx/CVE-2026-8596.json","cwe_ids":["CWE-312"],"cna_assigner":"AMZN"},"references":[{"type":"ADVISORY","url":"https://aws.amazon.com/security/security-bulletins/2026-031-aws/"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/8xxx/CVE-2026-8596.json"},{"type":"ADVISORY","url":"https://github.com/aws/sagemaker-python-sdk/security/advisories/GHSA-7hh5-prp2-mfh5"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-8596"},{"type":"FIX","url":"https://github.com/aws/sagemaker-python-sdk/releases/tag/v2.257.2"},{"type":"FIX","url":"https://github.com/aws/sagemaker-python-sdk/releases/tag/v3.8.0"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/aws/sagemaker-python-sdk","events":[{"introduced":"0"},{"fixed":"4c184d4814262972846879c21b88fb9abf01b7f9"},{"fixed":"98683ac4cf5fcb0e734ff46ec046d32ade44494e"}],"database_specific":{"extracted_events":[{"introduced":"0"},{"fixed":"v2.257.2"},{"introduced":"v3"},{"fixed":"v3.8.0"}],"source":["DESCRIPTION","REFERENCES"]}}],"versions":["v3.8.0","v3.7.1","v3.7.0","v3.6.0","v3.5.0","v3.4.1","v3.4.0","v3.3.1","v3.3.0","v3.2.0","v3.1.1","v3.1.0","v3.0.1","v3.0.0","v2.237.2","v2.237.3","v2.237.1","v2.237.0","v2.236.0","v2.235.2","v2.235.1","v2.235.0","v2.234.0","v2.233.0","v2.232.3","v2.232.2","v2.232.1","v2.232.0","v2.231.0","v2.230.0","v2.229.0","v2.228.0","v2.227.0","v2.226.1","v2.226.0","v2.225.0","v2.224.4","v2.224.3","v2.224.2","v2.224.1","v2.224.0","v2.223.0","v2.222.1","v2.222.0","v2.221.1","v2.221.0","v2.220.0","v2.219.0","v2.218.1","v2.218.0","v2.217.0","v2.216.1","v2.216.0","v2.215.0","v2.214.3","v2.214.2","v2.214.1","v2.214.0","v2.213.0","v2.212.0","v2.211.0","v2.210.0","v2.209.0","v2.208.0","v2.207.1","v2.207.0","v2.206.0","v2.205.0","v2.204.0","v2.203.1","v2.203.0","v2.202.1","v2.202.0","v2.201.0","v2.200.1","v2.200.0","v2.199.0","v2.198.0","v2.197.0","v2.196.0","v2.195.1","v2.195.0","v2.194.0","v2.193.0","v2.192.1","v2.192.0","v2.191.0","v2.190.0","v2.189.0","v2.188.0","v2.187.0","v2.186.0","v2.185.0","v2.184.0.post0","v2.184.0","v2.183.0","v2.182.0","v2.181.0","v2.180.0","v2.179.0","v2.178.0","v2.177.1","v2.177.0","v2.176.0","v2.175.0","v2.174.0","v2.173.0","v2.172.0","v2.171.0","v2.170.0","v2.169.0","v2.168.0","v2.167.0","v2.166.0","v2.165.0","v2.164.0","v2.163.0","v2.162.0","v2.161.0","v2.160.0","v2.159.0","v2.158.0","v2.157.0","v2.156.0","v2.155.0","v2.154.0","v2.153.0","v2.152.0","v2.151.0","v2.150.0","v2.149.0","v2.148.0","v2.147.0","v2.146.1","v2.146.0","v2.145.0","v2.144.0","v2.143.0","v2.142.0","v2.141.0","v2.140.1","v2.140.0","v2.139.0","v2.138.0","v2.137.0","v2.136.0","v2.135.1.post0","v2.135.1","v2.135.0","v2.134.1","v2.134.0","v2.133.0","v2.132.0","v2.131.1","v2.131.0","v2.130.0","v2.129.0","v2.128.0","v2.127.0","v2.126.0","v2.125.0","v2.118.0","v2.117.0","v2.116.0","v2.115.0","v2.114.0","v2.113.0","v2.112.2","v2.112.1","v2.112.0","v2.111.0","v2.110.0","v2.109.0","v2.108.0","v2.107.0","v2.106.0","v2.105.0","v2.104.0","v2.103.0","v2.102.0","v2.101.1","v2.101.0","v2.100.0","v2.99.0","v2.98.0","v2.97.0","v2.96.0","v2.95.0","v2.94.0","v2.93.1","v2.93.0","v2.92.2","v2.92.1","v2.92.0","v2.91.1","v2.91.0","v2.90.0","v2.89.0","v2.88.3","v2.88.2","v2.88.1","v2.88.0","v2.87.0","v2.86.2","v2.86.1","v2.86.0","v2.85.0","v2.84.0","v2.83.0","v2.82.2","v2.82.1","v2.82.0","v2.81.1","v2.81.0","v2.80.0","v2.79.0","v2.78.0","v2.77.1","v2.77.0","v2.76.0","v2.75.0","v2.74.0","v2.73.0","v2.72.3","v2.72.2","v2.72.1","v2.72.0","v2.71.0","v2.70.0","v2.69.0","v2.68.0","v2.67.0","v2.66.2.post0","v2.66.2","v2.66.1","v2.66.0","v2.65.0","v2.64.0","v2.63.2","v2.63.1","v2.63.0","v2.62.0","v2.61.0","v2.60.0","v2.59.8","v2.59.7","v2.59.6","v2.59.5","v2.59.4","v2.59.3.post0","v2.59.3","v2.59.2","v2.59.1.post0","v2.59.1","v2.59.0","v2.58.0","v2.57.0","v2.56.0","v2.55.0","v2.54.0","v2.53.0","v2.52.2.post0","v2.52.2","v2.52.1","v2.52.0","v2.51.0","v2.50.1","v2.50.0","v2.49.2","v2.49.1","v2.49.0","v2.48.2","v2.48.1","v2.48.0","v2.47.2.post0","v2.47.2","v2.47.1","v2.47.0","v2.46.1","v2.46.0","v2.45.0","v2.44.0","v2.43.0","v2.42.1","v2.42.0","v2.41.0","v2.40.0","v2.39.1","v2.39.0.post0","v2.39.0","v2.38.0","v2.37.0","v2.36.0","v2.35.0","v2.34.0","v2.33.0","v2.32.1","v2.32.0","v2.31.1","v2.31.0","v2.30.0","v2.29.2","v2.29.1","v2.29.0","v2.28.0","v2.27.1","v2.27.0","v2.26.0","v2.25.2","v2.25.1","v2.25.0","v2.24.5","v2.24.4","v2.24.3","v2.24.2","v2.24.1","v2.24.0","v2.23.6","v2.23.5","v2.23.4.post0","v2.23.4","v2.23.3","v2.23.2","v2.23.1","v2.23.0","v2.22.0","v2.21.0","v2.20.0","v2.19.0","v2.18.0","v2.17.0","v2.16.4","v2.16.3.post0","v2.16.3","v2.16.2","v2.16.1","v2.16.0.post0","v2.16.0","v2.15.4","v2.15.3","v2.15.2","v2.15.1","v2.15.0","v2.14.0","v2.13.0","v2.12.0","v2.11.0","v2.10.0","v1.72.0","v2.9.2","v2.9.1","v2.9.0","v2.8.0","v2.7.0","v2.6.0","v2.5.5","v2.5.4","v2.5.3","v2.5.2","v2.5.1","v2.5.0","v2.4.2","v2.4.1","v2.4.0","v2.3.0","v2.2.0","v2.1.0","v2.0.1","v2.0.0","v1.71.1","v1.71.0","v1.70.2","v1.70.1","v1.70.0","v1.69.0","v1.68.0","v1.67.1.post0","v1.67.1","v1.67.0","v1.66.0","v1.65.1.post1","v1.65.1.post0","v1.65.1","v1.65.0","v1.64.1","v1.64.0","v1.63.0","v1.62.0","v1.61.0","v1.60.2","v1.60.1.post0","v1.60.1","v1.60.0.post0","v1.60.0","v1.59.0","v1.58.4","v1.58.3","v1.58.2.post0","v1.58.2","v1.58.1","v1.58.0","v1.57.0","v1.56.3","v1.56.2","v1.56.1.post1","v1.56.1.post0","v1.56.1","v1.56.0","v1.55.4","v1.55.3","v1.55.2","v1.55.1","v1.55.0.post0","v1.55.0","v1.54.0","v1.53.0","v1.52.1","v1.52.0.post0","v1.52.0","v1.51.4","v1.51.3","v1.51.2","v1.51.1","v1.51.0","v1.50.18.post0","v1.50.18","v1.50.17.post0","v1.50.17","v1.50.16","v1.50.15","v1.50.14.post0","v1.50.14","v1.50.13","v1.50.12","v1.50.11","v1.50.10.post0","v1.50.10","v1.50.9.post0","v1.50.9","v1.50.8","v1.50.7","v1.50.6.post0","v1.50.6","v1.50.5","v1.50.4","v1.50.3","v1.50.2","v1.50.1","v1.50.0","v1.49.0","v1.48.1","v1.48.0","v1.47.1","v1.46.0","v1.45.2","v1.45.1","v1.45.0","v1.44.4","v1.44.3","v1.44.2","v1.44.1","v1.44.0","v1.43.5","v1.43.4.post1","v1.43.4.post0","v1.43.4","v1.43.3","v1.43.2","v1.43.1","v1.43.0","v1.42.9","v1.42.8","v1.42.7","v1.42.6.post0","v1.42.6","v1.42.5","v1.42.4","v1.42.3","v1.42.2","v1.42.1","v1.42.0","v1.41.0","v1.40.2","v1.40.1","v1.40.0","v1.39.4","v1.39.3","v1.39.2","v1.39.1","v1.39.0","v1.38.6","v1.38.5","v1.38.4","v1.38.3","v1.38.2","v1.38.1","v1.38.0","v1.37.2","v1.37.1","v1.37.0","v1.36.4","v1.36.3","v1.36.2","v1.36.1","v1.36.0","v1.35.1","v1.35.0","v1.34.3","v1.34.2","v1.34.1","v1.34.0","v1.33.0","v1.32.2","v1.32.1","v1.32.0","v1.31.1","v1.31.0","v1.30.0","v1.29.0","v1.28.3","v1.28.2","v1.28.1","v1.28.0","v1.27.0","v1.26.0","v1.25.1","v1.25.0","v1.24.0","v1.23.0","v1.22.0","v1.21.2","v1.21.1","v1.21.0","v1.20.3","v1.20.2","v1.20.1","v1.20.0","v1.19.1","v1.19.0","v1.18.19","v1.18.18","v1.18.17","v1.18.16","v1.18.15","v1.18.14.post1","v1.18.14.post0","v1.18.14","v1.18.13","v1.18.12","v1.18.11","v1.18.10","v1.18.9.post1","v1.18.9.post0","v1.18.9","v1.18.8","v1.18.7","v1.18.6.post0","v1.18.6","v1.18.5","v1.18.4","v1.18.3.post1","v1.18.3","v1.18.2","v1.18.1","v1.18.0","v1.17.2","v1.17.1","v1.17.0","v1.16.3","v1.16.2","v1.16.1.post1","v1.16.1","v1.15.2","v1.15.1","v1.15.0","v1.14.2","v1.14.1","v1.14.0","v1.13.0","v1.12.0","v1.11.3","v1.11.2","v1.11.1","v1.11.0","v1.10.1","v1.10.0","v1.9.3.1","v1.9.3","v1.9.2","v1.9.1","v1.9.0","v1.8.0","v1.7.2","v1.7.1","v1.7.0","v1.6.1","v1.6.0","v1.5.4","v1.5.3","v1.5.2","v1.5.1","v1.5.0","v1.4.2","v1.4.1","v1.4.0","v1.3.0","v1.2.5","v1.2.4","v1.2.3","v1.2.2","v1.2.1","v1.2.0","v1.1.3","v1.1.2","v1.1.1","v1.1.0","v1.0.4","v1.0.3","v1.0.2","v1.0.1","v1.0.0"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-8596.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V4","score":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:H/SI:H/SA:H"}]}