A critical security vulnerability has been found in the Amazon Braket SDK, affecting versions 1.10.0 through 1.116.9. This vulnerability, identified as CVE-2026-9291, concerns an insecure deserialization issue within the job results processing. The deserialize_values() function incorrectly trusts the dataFormat field from JSON files. This field controls whether pickle.loads() is used to process data. A malicious actor with S3 write access can exploit this flaw. They can manipulate the dataFormat field to trigger arbitrary code execution. Specifically, they can change the format to pickled_v4 and inject malicious code. This allows remote authenticated users to execute code on machines processing job results. This could lead to a compromise of systems analyzing quantum job outputs. Users are strongly advised to consult the provided article for comprehensive details. Immediate action is required to address this significant security risk.
deserialize_values()function incorrectly trusts thedataFormatfield from JSON files. This field controls whetherpickle.loads()is used to process data. A malicious actor with S3 write access can exploit this flaw. They can manipulate thedataFormatfield to trigger arbitrary code execution. Specifically, they can change the format topickled_v4and inject malicious code. This allows remote authenticated users to execute code on machines processing job results. This could lead to a compromise of systems analyzing quantum job outputs. Users are strongly advised to consult the provided article for comprehensive details. Immediate action is required to address this significant security risk.