Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary rating from GitHub Advisory · only source for this CVE.
CVSS VectorGitHub Advisory
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
2DescriptionGitHub Advisory
Pi.Alert is a WIFI / LAN intruder detector with web service monitoring. Prior to 2026-05-07, Pi.Alert's SaveConfigFile() endpoint writes user-supplied numeric config values (e.g., SMTP_PORT) directly into pialert.conf without validation. Since pialert.conf is loaded via Python's exec() every 3-5 minutes by the background cron process, an attacker can inject arbitrary Python code and achieve unauthenticated OS-level RCE. On default installations (PIALERT_WEB_PROTECTION = False), no credentials are required. This vulnerability is fixed in 2026-05-07.
AnalysisAI
Unauthenticated remote code execution affects Pi.Alert, a Python-based Wi-Fi/LAN intruder detector, in all releases prior to the 2026-05-07 fix. The web UI's SaveConfigFile() endpoint writes attacker-supplied numeric configuration values such as SMTP_PORT into pialert.conf with no validation, and because that file is reloaded via Python's exec() by a background cron job every 3-5 minutes, injected Python executes at the OS level. On default installations (PIALERT_WEB_PROTECTION = False) no credentials are required, matching the CVSS 9.8 network/no-privilege rating; there is no public exploit identified at time of analysis and the CVE is not in CISA KEV, but trivial complexity and full CIA impact make it a high-priority patch.
Technical ContextAI
Pi.Alert (the leiweibau fork, per CPE cpe:2.3:a:leiweibau:pi.alert) is a self-hosted network monitoring tool that scans the LAN/Wi-Fi for new or unauthorized devices and performs web-service monitoring. Its configuration is stored in pialert.conf as Python assignment statements, which the back-end loads by passing the file contents to Python's exec() rather than parsing it as inert data. The vulnerability is a classic CWE-94 (Improper Control of Generation of Code / code injection): a user-controlled value reaches a code-evaluation sink. Because SaveConfigFile() trusts that fields like SMTP_PORT are numeric and writes them verbatim, an attacker can break out of the intended integer assignment and append arbitrary Python that the scheduled exec() will run with the privileges of the cron/back-end process.
RemediationAI
Vendor-released patch: upgrade to the Pi.Alert 2026-05-07 release (the project uses date-based versioning rather than semantic version tags), as documented in advisory GHSA-xg85-f8qw-7c5f (https://github.com/leiweibau/Pi.Alert/security/advisories/GHSA-xg85-f8qw-7c5f). Until the upgrade is applied, the most direct compensating control is to set PIALERT_WEB_PROTECTION = True so the web interface requires authentication, which removes the unauthenticated path but does not by itself fix the underlying exec()-based config loading, so an authenticated attacker could still inject code. Additionally, restrict network access to the Pi.Alert web service to trusted management hosts via firewall rules or a reverse proxy with authentication, and avoid exposing the UI to the internet; the trade-off is reduced remote administration convenience. Where feasible, run the back-end/cron process under a least-privileged, non-root account to limit the blast radius of any successful injection.
Wazuh SIEM platform versions 4.4.0 through 4.9.0 contain an unsafe deserialization vulnerability in the DistributedAPI t
BentoML version 1.4.2 and earlier contains an unauthenticated remote code execution vulnerability through insecure deser
pgAdmin 4 contains critical remote code execution vulnerabilities in the Query Tool download and Cloud Deployment endpoi
The renderLocalView function in render/views.py in graphite-web in Graphite 0.9.5 through 0.9.10 uses the pickle Python
BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Rated critica
OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCiph
pyLoad download manager version prior to 0.5.0b3.dev77 exposes the Flask SECRET_KEY through an unauthenticated endpoint.
In Mercurial before 4.1.3, "hg serve --stdio" allows remote authenticated users to launch the Python debugger, and conse
Unauthenticated remote code execution in Marimo ≤0.20.4 allows attackers to execute arbitrary system commands via the `/
pyLoad is the free and open-source Download Manager written in pure Python. Rated medium severity (CVSS 5.3), this vulne
Langflow (a visual LLM pipeline builder) contains a critical unauthenticated code execution vulnerability (CVE-2026-3301
Cross-user flow execution in Langflow (< 1.9.1) lets any authenticated API-key holder run another user's flow by passing
Same weakness CWE-94 – Code Injection
View allSame technique Code Injection
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-32634