CVE-2026-13482

Source
https://cve.org/CVERecord?id=CVE-2026-13482
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-13482.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-13482
Published
2026-06-28T04:30:10.004Z
Modified
2026-07-15T01:49:22.402061548Z
Severity
  • 2.9 (Low) CVSS_V4 - CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P CVSS Calculator
Summary
skypilot-org skypilot User ID server.py username.encode weak hash
Details

A vulnerability was detected in skypilot-org skypilot up to 0.12.0. Impacted is the function username.encode of the file sky/users/server.py of the component User ID Handler. The manipulation results in use of weak hash. The attack may be performed from remote. This attack is characterized by high complexity. The exploitability is considered difficult. The exploit is now public and may be used. The vendor was contacted early about this disclosure.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/13xxx/CVE-2026-13482.json",
    "cwe_ids": [
        "CWE-327",
        "CWE-328"
    ],
    "cna_assigner": "VulDB"
}
References

Affected packages

Git / github.com/skypilot-org/skypilot

Affected ranges

Type
GIT
Repo
https://github.com/skypilot-org/skypilot
Events
Database specific
{
    "extracted_events": [
        {
            "introduced": "0.1"
        },
        {
            "last_affected": "0.1"
        },
        {
            "introduced": "0.2"
        },
        {
            "last_affected": "0.2"
        },
        {
            "introduced": "0.3"
        },
        {
            "last_affected": "0.3"
        },
        {
            "introduced": "0.4"
        },
        {
            "last_affected": "0.4"
        },
        {
            "introduced": "0.5"
        },
        {
            "last_affected": "0.5"
        },
        {
            "introduced": "0.6"
        },
        {
            "last_affected": "0.6"
        },
        {
            "introduced": "0.7"
        },
        {
            "last_affected": "0.7"
        },
        {
            "introduced": "0.8"
        },
        {
            "last_affected": "0.8"
        },
        {
            "introduced": "0.9"
        },
        {
            "last_affected": "0.9"
        },
        {
            "introduced": "0.10"
        },
        {
            "last_affected": "0.10"
        },
        {
            "introduced": "0.11"
        },
        {
            "last_affected": "0.11"
        },
        {
            "introduced": "0.12.0"
        },
        {
            "last_affected": "0.12.0"
        }
    ],
    "source": "AFFECTED_FIELD"
}

Affected versions

0.*
0.1
0.10
0.11
0.12.0
0.2
0.3
0.4
0.5
0.6
0.7
0.8
0.9

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-13482.json"