CVE-2026-13482 | skypilot-org skypilot up to 0.12.0 User ID sky/users/server.py username.encode weak hash (Issue 9194)

Inserito da Angelo Barbosa | Giu 27, 2026 | CVE

A vulnerability was found in skypilot-org skypilot up to 0.12.0. It has been declared as problematic. Impacted is the function username.encode of the file sky/users/server.py of the component User ID Handler. The manipulation results in use of weak hash.

This vulnerability was named CVE-2026-13482. The attack may be performed from remote. In addition, an exploit is available.

The vendor was contacted early about this disclosure.

CVE-2026-13482 | skypilot-org skypilot up to 0.12.0 User ID sky/users/server.py username.encode weak hash (Issue 9194)

Post correlati

CVE-2023-30309 | D-Link DI-7003GV2 TCP denial of service

CVE-2024-33880 | VirtoSoftware Virto Bulk File Download for SharePoint 2019 5.5.44 Download.ashx information disclosure

CVE-2024-46683 | Linux Kernel up to 6.10.7 DRM use after free (10081b0b0ed2/730b72480e29)

CVE-2025-22280 | revmakx DefendWP Firewall Plugin up to 1.1.0 on WordPress authorization