Skip to main content

Skypilot

1 CVEs product

Monthly

CVE-2026-13482 LOW Monitor

Weak hash usage in SkyPilot's User ID Handler (versions up to 0.12.0) allows remote attackers with high-complexity access to manipulate user identity integrity by exploiting the `username.encode` function in `sky/users/server.py`. The vulnerability (CWE-328) results in a low-integrity impact on the vulnerable system, with no confidentiality or availability impact per the CVSS 4.0 vector, though the VulDB-assigned 'Information Disclosure' tag suggests the weak hash may additionally expose derivable username data. A public exploit exists (CVSS 4.0 E:P modifier confirmed), but no confirmed active exploitation or CISA KEV listing has been identified at time of analysis.

Information Disclosure Skypilot
NVD VulDB GitHub
CVSS 4.0
2.9
EPSS
0.2%
EPSS 0% CVSS 2.9
LOW Monitor

Weak hash usage in SkyPilot's User ID Handler (versions up to 0.12.0) allows remote attackers with high-complexity access to manipulate user identity integrity by exploiting the `username.encode` function in `sky/users/server.py`. The vulnerability (CWE-328) results in a low-integrity impact on the vulnerable system, with no confidentiality or availability impact per the CVSS 4.0 vector, though the VulDB-assigned 'Information Disclosure' tag suggests the weak hash may additionally expose derivable username data. A public exploit exists (CVSS 4.0 E:P modifier confirmed), but no confirmed active exploitation or CISA KEV listing has been identified at time of analysis.

Information Disclosure Skypilot
NVD VulDB GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy