CVE-2026-9291
HighSummary
Insecure deserialization in the job results processing component in Amazon Braket SDK before version 1.117.0 might allow a remote authenticated user with S3 write access to the job output bucket to achieve arbitrary code execution on any machine that processes job results.
Risk Assessment
The organization may be exposed to arbitrary code execution, potentially leading to data loss or system compromise on machines processing job results.
Recommendation
It is recommended to upgrade to amazon-braket-sdk version 1.117.0 or later.
Original NVD description (English source)
Insecure deserialization in the job results processing component in Amazon Braket SDK before 1.117.0 might allow a remote authenticated user with S3 write access to the job output bucket to achieve arbitrary code execution on any machine that processes job results. We recommend you upgrade to amazon-braket-sdk version 1.117.0 or later.

