Description
Pi.Alert is a WIFI / LAN intruder detector with web service monitoring. Prior to 2026-05-07, Pi.Alert's web-based configuration editor allows arbitrary Python code to be injected into pialert.conf. Since the background scan daemon loads this file via Python's exec(), injected code executes as the daemon process. With web protection disabled (the default configuration), no authentication is required, making this an unauthenticated Remote Code Execution vulnerability. This vulnerability is fixed in 2026-05-07.
Published: 2026-05-27
Score: 9.8 Critical
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Pi.Alert’s web-based configuration editor permits unfiltered Python code to be written into pialert.conf. When the background scan daemon later loads this configuration file with Python’s exec() function, the injected code runs with the same privileges as the daemon process, allowing an attacker to execute arbitrary commands on the host. This provides full compromise of the underlying system, including data exfiltration, persistence, or further lateral movement.

Affected Systems

The affected product is Pi.Alert, a Wi-Fi and LAN intruder detector developed by leiweibau. Any installation distributed prior to the release dated 2026-05-07 is vulnerable; the advisory notes that the issue was fixed in that update. No specific version numbers are listed beyond the date of the fix.

Risk and Exploitability

The CVSS score of 9.8 indicates a critical severity. The exploit probability is not quantified in EPSS, and the vulnerability is not yet in the CISA KEV catalog. The logical attack path requires access to the web interface with web protection disabled, which is the default configuration. Because no authentication is required, an unauthenticated user who can reach the web service can inject code and trigger execution, making exploitation straightforward for anyone with network connectivity to the target.

Generated by OpenCVE AI on May 27, 2026 at 21:51 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the Pi.Alert update released on 2026-05-07 or later to resolve the code-injection flaw.
  • If immediate update is not possible, enable authentication for the web interface or configure web protection to prevent unauthenticated access.
  • Restrict network access to the Pi.Alert web service, for example by using firewall rules to allow only trusted IPs, to reduce the attack surface.
  • Apply input validation on the web interface to restrict accepted configuration data and prevent arbitrary Python code injection, consistent with CWE-94 remediation best practices.
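Added example (not Pi.Alert's own code; the file layout and setting names are assumptions) contrasting the exec()-based loading described under Impact with the literal-only validation recommended in the last action above: the first loader reproduces the risky pattern, the second parses the same syntax without ever executing it and gives the web editor a way to refuse executable content before it is saved.

```python
import ast

# Constructed sample in the NAME = value style the advisory describes for pialert.conf
# (setting names are assumptions, not Pi.Alert's real keys). The last line is what a
# literal-only loader must refuse: its right-hand side is a call, not data.
SAMPLE_CONF = """\
# constructed sample, not the project's real configuration file
SCAN_SUBNETS = ["192.168.1.0/24"]
WEB_PROTECTION = False
REPORT_MAIL_TO = "admin@example.test"
SCAN_TIMEOUT = 30
SCAN_TIMEOUT = eval("30")
"""

def load_config_unsafe(text):
    """The pattern the advisory describes: the file is executed as Python, so any
    statement written into it runs with the daemon's privileges (the call above runs)."""
    namespace = {}
    exec(text, {}, namespace)
    return namespace

def load_config_literal(text):
    """Hardened loader: parse the file as Python syntax but never execute it. Only
    `NAME = <literal>` statements pass, and the value must satisfy ast.literal_eval."""
    settings = {}
    for node in ast.parse(text).body:
        if not (isinstance(node, ast.Assign) and len(node.targets) == 1
                and isinstance(node.targets[0], ast.Name)):
            raise ValueError(f"line {node.lineno}: only simple assignments are allowed")
        name = node.targets[0].id
        try:
            settings[name] = ast.literal_eval(node.value)  # Call/Attribute/Name -> ValueError
        except ValueError:
            raise ValueError(f"line {node.lineno}: {name} must be a literal, not code") from None
    return settings

def rejection_reason(text):
    """Validation hook for the web editor: None when the text is safe to save,
    otherwise why it was refused, so the daemon never sees executable content."""
    try:
        load_config_literal(text)
    except (SyntaxError, ValueError) as err:
        return str(err)
    return None
```

Wiring rejection_reason() into the save path (and switching the daemon to load_config_literal()) closes both ends: the editor cannot store code, and the daemon would not run it even if something else wrote the file.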

Generated by OpenCVE AI on May 27, 2026 at 21:51 UTC.

Advisories

No advisories yet.

History

Fri, 29 May 2026 16:00:00 +0000

Type: First Time appeared
Values Added: Leiweibau; Leiweibau pi.alert

Type: Vendors & Products
Values Added: Leiweibau; Leiweibau pi.alert

Thu, 28 May 2026 13:30:00 +0000

Type: Metrics
Values Added: ssvc {'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Wed, 27 May 2026 19:30:00 +0000

Type: Description
Values Added: Pi.Alert is a WIFI / LAN intruder detector with web service monitoring. Prior to 2026-05-07, Pi.Alert's web-based configuration editor allows arbitrary Python code to be injected into pialert.conf. Since the background scan daemon loads this file via Python's exec(), injected code executes as the daemon process. With web protection disabled (the default configuration), no authentication is required, making this an unauthenticated Remote Code Execution vulnerability. This vulnerability is fixed in 2026-05-07.

Type: Title
Values Added: Unauthenticated RCE via Python Config File Injection in SaveConfigFile() (Path)

Type: Weaknesses
Values Added: CWE-94

Type: References
Values Added:

Type: Metrics
Values Added: cvssV3_1 {'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}


MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-05-28T12:58:28.870Z

Reserved: 2026-05-07T21:50:33.545Z

Link: CVE-2026-44887

Vulnrichment

Updated: 2026-05-28T12:58:09.742Z

NVD

Status: Deferred

Published: 2026-05-27T20:16:37.900

Modified: 2026-06-17T10:51:29.193

Link: CVE-2026-44887

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-29T15:50:19Z

Weaknesses
  • CWE-94: Improper Control of Generation of Code ('Code Injection')