All 4 CVE vulnerabilities found in pi, with AI-generated Chinese analysis, references, and POCs.
Vendor: earendil-works
| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2026-54327 | Pi: Race condition in auth.json writes could expose stored credentials | CWE-367 | 2.2 | Low | 2026-06-23 |
| CVE-2026-54326 | Pi: Potential XSS in HTML session exports via Markdown URL sanitization bypass | CWE-79 | 2.5 | Low | 2026-06-23 |
| CVE-2026-54328 | Pi: Predictable temporary extension install paths allow local privilege escalation on shared Linux hosts | CWE-379 | 7.3 | High | 2026-06-23 |
| CVE-2026-54325 | Pi loads project-local extensions without approval | CWE-829 | 4.4 | Medium | 2026-06-23 |