Amazon Braket SDK 1.117.0 Fix: Insecure Deserialization (Remote Exec)
CVE-2026-9291 Published on May 22, 2026
Insecure Deserialization in Amazon Braket SDK Job Results Processing
Insecure deserialization in the job results processing component in Amazon Braket SDK before 1.117.0 might allow a remote authenticated user with S3 write access to the job output bucket to achieve arbitrary code execution on any machine that processes job results.
We recommend you upgrade to amazon-braket-sdk version 1.117.0 or later.
Vulnerability Analysis
CVE-2026-9291 can be exploited with network access, and requires user interaction and a small amount of user privileges. This vulnerability is considered to have a high level of attack complexity. The potential impact of an exploit of this vulnerability is considered to be very high.
Weakness Type
What is a Marshaling, Unmarshaling Vulnerability?
The application deserializes untrusted data without sufficiently verifying that the resulting data will be valid.
CVE-2026-9291 has been classified as a Marshaling, Unmarshaling vulnerability or weakness.
Products Associated with CVE-2026-9291
Affected Versions
AWS Amazon Braket Python SDK: versions 1.10.0 and later, below 1.117.0, are affected.