skypilot-org skypilot User ID server.py username.encode weak hash_CVE-2026-13482

6.3 / 10

MEDIUM

CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P

Description

A vulnerability was detected in skypilot-org skypilot up to 0.12.0. Impacted is the function username.encode of the file sky/users/server.py of the component User ID Handler. The manipulation results in use of weak hash. The attack may be performed from remote. This attack is characterized by high complexity. The exploitability is considered difficult. The exploit is now public and may be used. The vendor was contacted early about this disclosure.

Basic Information

ID CVE-2026-13482

Source VulDB

Published Jun 28, 2026 at 04:30

Affected Product

Vendor skypilot-org

Product skypilot

Version 0.1

Affected Versions skypilot-org skypilot 0.1
skypilot-org skypilot 0.2
skypilot-org skypilot 0.3
skypilot-org skypilot 0.4
skypilot-org skypilot 0.5
skypilot-org skypilot 0.6
skypilot-org skypilot 0.7
skypilot-org skypilot 0.8
skypilot-org skypilot 0.9
skypilot-org skypilot 0.10
skypilot-org skypilot 0.11
skypilot-org skypilot 0.12.0

CWE Classification

CWE-328 CWE-327

References

{
    "lastseen": "",
    "description": "A vulnerability was detected in skypilot-org skypilot up to 0.12.0. Impacted is the function username.encode of the file sky/users/server.py of the component User ID Handler. The manipulation results in use of weak hash. The attack may be performed from remote. This attack is characterized by high complexity. The exploitability is considered difficult. The exploit is now public and may be used. The vendor was contacted early about this disclosure.",
    "published": "2026-06-28T04:30:10.004Z",
    "modified": "2026-06-28T04:30:10.004Z",
    "type": "cve",
    "title": "skypilot-org skypilot User ID server.py username.encode weak hash",
    "source": "VulDB",
    "references": "https://vuldb.com/vuln/374479\nhttps://vuldb.com/vuln/374479/cti\nhttps://vuldb.com/cve/CVE-2026-13482\nhttps://vuldb.com/submit/789927\nhttps://github.com/skypilot-org/skypilot/issues/9194\nhttps://github.com/skypilot-org/skypilot/",
    "id": "CVE-2026-13482",
    "bulletinFamily": "",
    "cwe": [
        "CWE-328",
        "CWE-327"
    ],
    "cvelist": null,
    "sourceData": "skypilot-org skypilot 0.1\nskypilot-org skypilot 0.2\nskypilot-org skypilot 0.3\nskypilot-org skypilot 0.4\nskypilot-org skypilot 0.5\nskypilot-org skypilot 0.6\nskypilot-org skypilot 0.7\nskypilot-org skypilot 0.8\nskypilot-org skypilot 0.9\nskypilot-org skypilot 0.10\nskypilot-org skypilot 0.11\nskypilot-org skypilot 0.12.0",
    "sourceHref": "",
    "cvss": {
        "score": 6.3,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "skypilot",
    "version": "0.1",
    "vendor": "skypilot-org",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}