EUVD-2026-39982

A vulnerability was detected in skypilot-org skypilot up to 0.12.0. Impacted is the function username.encode of the file sky/users/server.py of the component User ID Handler. The manipulation results in use of weak hash. The attack may be performed from remote. This attack is characterized by hig...

CVE-2026-13482

CVE-2026-13482 affects skypilot-org/skypilot

airflow-provider-skypilot (=0.1.3), inferiallm (>=1.0.2 <=1.0.5) potentially affected by unknown CVE via skypilot (>=0.10.3 <=0.10.3.post2)

skypilot PYPI version =0.10.3, =1.0.2, =1.0.5 Source cves: unknown CVE Source advisory: SNYK:PYTHON-SKYPILOT-14860868...

Cleartext Transmission of Sensitive Information

Overview skypilot is a SkyPilot: Run AI on Any Infra — Unified, Faster, Cheaper. Affected versions of this package are vulnerable to Cleartext Transmission of Sensitive Information by transmitting traffic over plain HTTP sensitive API requests are exposed to interception and man-in-the-middle...