
Crowdstrike CVE-2026-54326

LOW
Cross-site Scripting (XSS) (CWE-79)
2026-06-16 https://github.com/earendil-works/pi GHSA-7v5m-pr3q-6453
2.5
CVSS 3.1 · GitHub Advisory

Severity by source

GitHub Advisory PRIMARY
2.5 LOW
AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N

Primary rating from GitHub Advisory · only source for this CVE.

CVSS Vector (GitHub Advisory)

CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N
Attack Vector
Local
Attack Complexity
High
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
Low
Integrity
None
Availability
None

Lifecycle Timeline

Source Code Evidence Fetched
Jun 17, 2026 - 00:38 vuln.today
Analysis Generated
Jun 17, 2026 - 00:38 vuln.today

Blast Radius

Ecosystem impact (transitive dependency graph; vuln.today resolves to a depth of 4 paths):
  • 32 npm packages depend on @earendil-works/pi-coding-agent (32 direct, 0 indirect)

Ecosystem-wide dependent count for version 0.74.0.

Description (GitHub Advisory)

Potential XSS in HTML session exports via Markdown URL handling

Pi HTML exports render session Markdown into a static HTML file. Affected versions did not consistently reject unsafe Markdown link and image URL schemes (such as javascript:). In versions that did filter schemes, C0 control characters placed in front of the scheme could bypass the check: the filter compared the raw string, which no longer starts with the blocked scheme, but browsers strip those characters before resolving the URL, so the link still navigates as the blocked scheme.

Impact

The realistic attack path is indirect. An attacker would need to get suitable Markdown into a session, for example through prompt injection that causes the model to include an unsafe link, or through other untrusted session content. The user would then need to export the session as HTML, open or share that file, and click the link.

If triggered, script runs in the exported document, not in pi or the user's shell. The main risk is limited disclosure of data embedded in that exported session file.

Affected versions

  • Affected: @mariozechner/pi-coding-agent >= 0.27.5, <= 0.73.1
  • Affected: @earendil-works/pi-coding-agent >= 0.74.0, < 0.78.1
  • Patched: @earendil-works/pi-coding-agent 0.78.1

The old @mariozechner/pi-coding-agent package scope has no patched release. It was renamed to @earendil-works/pi-coding-agent; users of the old scope should migrate to the new package and upgrade to version 0.78.1 or later.

Resolution

Version 0.78.1 sanitizes Markdown link and image URLs with an allow-list after stripping C0 control characters.
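The following JavaScript is an added example, not code from pi or from the 0.78.1 fix. It illustrates both the bypass described above (a raw-string scheme check that a leading C0 control character slips past, because the browser strips that character before it looks at the scheme) and the strip-then-allow-list approach this Resolution describes, and it reuses the hardened check to audit an export generated before the fix. The function names, the allow-list contents and the sample export are assumptions made for the example.

```javascript
// Added example (not pi's code, not the 0.78.1 fix). Function names, the
// allow-list contents and SAMPLE_EXPORT below are constructed for illustration.

// What a browser does to a URL before it looks at the scheme (WHATWG URL
// pre-processing): leading and trailing C0 controls/spaces are stripped and
// tab/CR/LF are removed anywhere. This is why "\u0001javascript:..." navigates
// exactly like "javascript:...".
function browserNormalize(url) {
  return url
    .replace(/^[\u0000-\u0020]+/, "")
    .replace(/[\u0000-\u0020]+$/, "")
    .replace(/[\t\n\r]/g, "");
}

// The kind of check the advisory describes as bypassable: it tests the raw
// Markdown URL, so a control character in front of the scheme hides it.
function naiveIsSafeUrl(url) {
  return !/^\s*(javascript|data|vbscript):/i.test(url);
}

// Hardened check in the spirit of the fix: strip every C0 control character
// (and DEL), then accept only an explicit scheme allow-list. URLs with no
// scheme are relative links inside the export and are kept. Stripping C0
// characters from the middle of a scheme over-rejects ("java\u0001script:"
// is not executable), which is the safe failure mode.
const ALLOWED_SCHEMES = new Set(["http", "https", "mailto"]);

function isSafeUrl(url) {
  const cleaned = url.replace(/[\u0000-\u001f\u007f]/g, "").trim();
  const m = /^([a-z][a-z0-9+.\-]*):/i.exec(cleaned);
  if (m === null) return true;            // e.g. "#turn-3" or "notes/plan.md"
  return ALLOWED_SCHEMES.has(m[1].toLowerCase());
}

// Auditing an export generated before the fix: pull every href/src attribute,
// undo the attribute escaping the exporter applied (a browser decodes entities
// before it parses the URL, so "&#1;" is a real U+0001), and report the links
// that fail the hardened check.
function unescapeAttr(s) {
  return s
    .replace(/&#x([0-9a-f]+);/gi, (_, h) => String.fromCodePoint(parseInt(h, 16)))
    .replace(/&#(\d+);/g, (_, d) => String.fromCodePoint(Number(d)))
    .replace(/&quot;/g, '"')
    .replace(/&lt;/g, "<")
    .replace(/&gt;/g, ">")
    .replace(/&amp;/g, "&");   // last, so "&amp;lt;" does not become "<"
}

function findUnsafeLinks(html) {
  const hits = [];
  for (const m of html.matchAll(/\b(href|src)\s*=\s*"([^"]*)"/gi)) {
    const url = unescapeAttr(m[2]);
    if (!isSafeUrl(url)) hits.push({ attr: m[1].toLowerCase(), url });
  }
  return hits;
}

// Constructed stand-in for an exported session (not a real pi export).
const SAMPLE_EXPORT = [
  '<a href="https://example.com/docs">docs</a>',
  '<a href="#turn-3">jump to turn 3</a>',
  '<a href="&#1;javascript:alert(document.body.innerText)">click me</a>',
  '<img src="java&#9;script:alert(1)" alt="">',
  '<a href="JAVASCRIPT:alert(2)">shout</a>',
].join("\n");

console.log(naiveIsSafeUrl("\u0001javascript:alert(1)")); // true: the bypass
console.log(isSafeUrl("\u0001javascript:alert(1)"));      // false
console.log(findUnsafeLinks(SAMPLE_EXPORT).length);        // 3
```

The allow-list is deliberately short; anything an export legitimately needs beyond http, https and mailto should be added explicitly rather than by loosening the check, and a URL that has been rejected is better replaced with a non-navigating placeholder than dropped silently, so the reader of the export can see that a link was removed.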

Recommendations

Upgrade @earendil-works/pi-coding-agent to version 0.78.1 or later. Regenerate shared HTML exports after upgrading if the underlying sessions contained untrusted content.

Timeline

  • 2026-05-29: Report received through GitHub Security Advisories
  • 2026-06-02: Fix committed
  • 2026-06-04: Fixed version 0.78.1 released
  • 2026-06-08: Advisory prepared for publication

Credits

Reported by Paul Urian and Cosmin Alexa of CrowdStrike.

Analysis (AI-generated)

Stored XSS in the HTML session export feature of pi-coding-agent allows script execution in an exported document when a user clicks a crafted Markdown link. Affected npm packages (@mariozechner/pi-coding-agent 0.27.5–0.73.1 and @earendil-works/pi-coding-agent 0.74.0–0.78.0) either omitted URL scheme validation entirely or implemented a blocklist that could be defeated by prepending C0 control characters (bytes 0x00–0x1F), which browsers silently strip before navigation. …


CVE-2026-54326 vulnerability details – vuln.today