Description
Pi is a minimal terminal coding harness. Pi before 0.79.0 loaded project-local configuration and resources from a repository's .pi directory without first asking the user to trust that repository. This included project-local extensions, which are executable TypeScript or JavaScript modules loaded into the Pi process. An attacker who controls a repository could place Pi-specific project resources in that repository. If a user then started Pi from that working tree, the project-local extension code could run with the same privileges as the local Pi process without the user having a convenient way to make a trust decision. This vulnerability is fixed in 0.79.0.
Published: 2026-06-23
Score: 4.4 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Pi is a minimal terminal coding harness that, prior to version 0.79.0, automatically loads project‑local configuration and resources from a repository’s .pi directory when it starts. The vulnerable versions do not prompt the user for trust, enabling an attacker who controls a repository to place executable TypeScript or JavaScript modules—project‑local extensions—into that directory. When a user starts Pi from that working tree, the malicious code runs in the Pi process with the same privileges as the local user, allowing arbitrary code execution on the machine. The flaw corresponds to CWE‑829, which describes the risk of executing untrusted code without proper validation. The vulnerability is fixed in version 0.79.0.

Affected Systems

The product affected is Pi from Earendil Works. Any installation of Pi before version 0.79.0 is vulnerable. Versions 0.79.0 and later contain the fix and are not affected.

Risk and Exploitability

The CVSS score of 4.4 indicates moderate severity; the likelihood of widespread exploitation is unknown, but the flaw is not listed in the CISA KEV catalog, implying no known active exploits. The attack vector requires the attacker to control a repository or a local working directory and for the user to run Pi in that repository, making it a local privilege escalation or code execution scenario rather than a remote attack.

Generated by OpenCVE AI on June 24, 2026 at 10:10 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the official Pi patch by upgrading to version 0.79.0 or newer
  • If an upgrade cannot be performed immediately, run Pi only in trusted directories and avoid repositories that are not verified by the user
  • Execute Pi from a restricted user account or within a sandbox to limit the impact of any malicious extensions

Generated by OpenCVE AI on June 24, 2026 at 10:10 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Github GHSA Github GHSA GHSA-mqxh-6gq7-558m Pi Agent: Pi loads project-local extensions without approval
History

Wed, 24 Jun 2026 16:45:00 +0000

Type Values Removed Values Added
First Time appeared Earendil-works
Earendil-works pi
Vendors & Products Earendil-works
Earendil-works pi

Tue, 23 Jun 2026 20:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 23 Jun 2026 19:45:00 +0000

Type Values Removed Values Added
Description Pi is a minimal terminal coding harness. Pi before 0.79.0 loaded project-local configuration and resources from a repository's .pi directory without first asking the user to trust that repository. This included project-local extensions, which are executable TypeScript or JavaScript modules loaded into the Pi process. An attacker who controls a repository could place Pi-specific project resources in that repository. If a user then started Pi from that working tree, the project-local extension code could run with the same privileges as the local Pi process without the user having a convenient way to make a trust decision. This vulnerability is fixed in 0.79.0.
Title Pi loads project-local extensions without approval
Weaknesses CWE-829
References
Metrics cvssV3_1

{'score': 4.4, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N'}


Subscriptions

Earendil-works Pi
cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-06-23T19:44:45.699Z

Reserved: 2026-06-12T18:42:02.224Z

Link: CVE-2026-54325

cve-icon Vulnrichment

Updated: 2026-06-23T19:44:33.911Z

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-24T16:05:41Z

Weaknesses
  • CWE-829

    Inclusion of Functionality from Untrusted Control Sphere