CVE-2026-13482

skypilot-org skypilot User ID server.py username.encode weak hash

CVSS 6.3 MEDIUM · EPSS 0.2% · CWE-327 · CWE-328
Vexday Risk Score
13 Low
SSVC Decision (CISA)
Track
No sign of exploitation → monitor
CVSS 6.3 · EPSS 0.2% · KEV no · PoC · Nuclei · Metasploit · Patch
Lifecycle
28 Jun 2026: Published in NVD
Recommendation: Monitor; no sign of exploitation at the moment.
A vulnerability was detected in skypilot-org skypilot up to 0.12.0. It affects the function username.encode in the file sky/users/server.py of the User ID Handler component. The manipulation results in the use of a weak hash. The attack may be performed remotely. It is characterized by high complexity, and exploitability is considered difficult. The exploit is now public and may be used. The vendor was contacted early about this disclosure.
CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P
Affected products
skypilot-org · skypilot
