EXECUTIVE SUMMARY:
CVE-2026-9291 (CVSS 7.5) is a vulnerability in amazon-braket-sdk, a Python library for interacting with the Amazon Braket quantum computing service. It affects versions 1.10.0 and later, up to but not including 1.117.0. The flaw is insecure deserialization through pickle.loads(): the deserialize_values() function reads the dataFormat field from a job results JSON file without validating it. An attacker with remote authenticated access and S3 write access to a Braket job output bucket can change the dataFormat field and replace dataDictionary values with base64-encoded executable payloads; when the victim later calls certain functions as part of their normal workflow, the payload is deserialized and runs with the victim's permissions, giving the attacker arbitrary code execution. The business impact is high, since successful exploitation can lead to data breaches and system compromise. Exploitation does require specific prerequisites: S3 write access to the victim's job output bucket and the ability to modify the dataFormat field in the job results JSON file.
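To make the deserialization pattern concrete, the following is an added example and not code from amazon-braket-sdk or from the advisory. It places a loader that trusts the file's dataFormat field next to a hardened loader that validates the field against an allowlist, keeps pickled input switched off by default, and, when pickling is explicitly enabled, unpickles with a restricted Unpickler that refuses every global lookup. The field names, the format strings "plaintext" and "pickled_v4", the function names and the sample job results documents are all assumptions constructed for this example.

```python
import base64
import collections
import io
import json
import pickle

# Constructed sample job results document, modelled on the dataFormat /
# dataDictionary layout the advisory describes (field names are assumptions).
SAFE_RESULTS_JSON = json.dumps({
    "dataFormat": "plaintext",
    "dataDictionary": {"energy": -1.137, "iterations": 42},
})

# Same layout, but dataFormat switched to a pickle format and a base64 value
# in place of plain data. The pickled object is a harmless string; the point
# is that the loader must decide before pickle runs, not after.
PICKLE_RESULTS_JSON = json.dumps({
    "dataFormat": "pickled_v4",
    "dataDictionary": {
        "energy": base64.b64encode(pickle.dumps("benign")).decode(),
    },
})

# A pickle that references a global (collections.OrderedDict) rather than
# only primitive containers. A restricted unpickler must reject it even
# though this particular object is harmless.
GLOBAL_REF_RESULTS_JSON = json.dumps({
    "dataFormat": "pickled_v4",
    "dataDictionary": {
        "energy": base64.b64encode(pickle.dumps(collections.OrderedDict(a=1))).decode(),
    },
})

ALLOWED_FORMATS = {"plaintext", "pickled_v4"}


def deserialize_values_vulnerable(data_dictionary, data_format):
    """The flawed pattern: whatever the file says dataFormat is, obey it,
    and hand untrusted bytes straight to pickle.loads()."""
    if data_format == "pickled_v4":
        return {k: pickle.loads(base64.b64decode(v)) for k, v in data_dictionary.items()}
    return data_dictionary


class _NoGlobalsUnpickler(pickle.Unpickler):
    """Unpickler that refuses every global lookup. Only primitive values and
    containers (str, int, float, bool, None, list, dict, set, tuple) can be
    reconstructed; any opcode that tries to resolve a module attribute fails."""

    def find_class(self, module, name):
        raise pickle.UnpicklingError(f"global {module}.{name} is forbidden")


def deserialize_values_hardened(data_dictionary, data_format, allow_pickle=False):
    """Validate dataFormat first, refuse pickled input unless the caller opted
    in, and even then restrict what the unpickler may reconstruct."""
    if data_format not in ALLOWED_FORMATS:
        raise ValueError(f"unknown dataFormat {data_format!r}")
    if data_format == "plaintext":
        return dict(data_dictionary)
    if not allow_pickle:
        raise ValueError("pickled job results are disabled; request plaintext output instead")
    out = {}
    for key, value in data_dictionary.items():
        raw = base64.b64decode(value, validate=True)
        try:
            out[key] = _NoGlobalsUnpickler(io.BytesIO(raw)).load()
        except pickle.UnpicklingError as exc:
            raise ValueError(f"rejected pickled value for {key!r}: {exc}") from exc
    return out


def load_job_results(results_json, allow_pickle=False):
    """Parse a job results document and deserialize it with the hardened path."""
    doc = json.loads(results_json)
    return deserialize_values_hardened(doc["dataDictionary"], doc["dataFormat"], allow_pickle)


if __name__ == "__main__":
    print(load_job_results(SAFE_RESULTS_JSON))
    for name, doc in (("pickle", PICKLE_RESULTS_JSON), ("global-ref", GLOBAL_REF_RESULTS_JSON)):
        try:
            print(name, load_job_results(doc))
        except ValueError as exc:
            print(name, "rejected:", exc)
```

The two controls are independent: the allowlist plus the opt-in flag stops the attacker-controlled dataFormat from selecting pickle at all, which is the fix that matters for this advisory, and the restricted Unpickler limits the blast radius for code paths that genuinely must accept pickled data. Detection-wise, a job results file whose dataFormat is a pickle format when the job was configured for plaintext output is the signal to alert on.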
RECOMMENDATION:
We recommend updating amazon-braket-sdk to version 1.117.0.
REFERENCES:
The following reports contain further technical details:
https://github.com/advisories/GHSA-g697-2xrc-gc46