A vulnerability was found in skypilot-org skypilot up to 0.12.0 . It has been declared as problematic . Impacted is the function username.encode of the file sky/users/server.py of the component User ID Handler . The manipulation results in use of weak hash. This vulnerability was named CVE-2026-13482 . The attack may be performed from remote. In addition, an exploit is available. The vendor was contacted early about this disclosure.