Home > Vulnerability Database > CVE-2026-1778

Mend.io Vulnerability Database

CVE-2026-1778

Good to know:

Date: February 2, 2026

Amazon SageMaker Python SDK before v3.1.1 or v2.256.0 disables TLS certificate verification for HTTPS connections made by the service when a Triton Python model is imported, incorrectly allowing for requests with invalid and self-signed certificates to succeed.

Severity Score

5.9

Related Resources (10)

Url: https://github.com/aws/sagemaker-python-sdk/commit/5e7a3efa7bec0a161194ffa0cef346dda93bf2c6

Url: https://aws.amazon.com/security/security-bulletins/2026-004-AWS/

Url: https://github.com/aws/sagemaker-python-sdk/security/advisories/GHSA-62rc-f4v9-h543

Url: https://github.com/aws/sagemaker-python-sdk/releases/tag/v3.1.1

Url: https://nvd.nist.gov/vuln/detail/CVE-2026-1778

Url: https://aws.amazon.com/security/security-bulletins/2026-004-AWS

Url: https://github.com/aws/sagemaker-python-sdk

Url: https://github.com/aws/sagemaker-python-sdk/commit/c8098958910f7db78d07037425debfd4d44a6964

Url: https://github.com/aws/sagemaker-python-sdk/releases/tag/v2.256.0

Url: https://www.mend.io/vulnerability-database/CVE-2026-1778

Severity Score

5.9

Weakness Type (CWE)

Improper Certificate Validation

CWE-295

Missing Validation of OpenSSL Certificate

CWE-599

Top Fix

Upgrade Version

Upgrade to version sagemaker - 3.1.1;sagemaker - 2.256.0;https://github.com/aws/sagemaker-python-sdk.git - v3.1.1;https://github.com/aws/sagemaker-python-sdk.git - v3.4.0

Learn More

CVSS v3.1

Base Score:	5.9
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	HIGH
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2026-1778

Good to know:

Date: February 2, 2026

Severity Score

Related Resources (10)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?