What is the CVSS score of EUVD-2026-32635?

EUVD-2026-32635 has a CVSS 3.1 base score of 9.8 (Critical). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H. EPSS exploitation probability: 0.2%.

Which versions of Pi.Alert are affected by EUVD-2026-32635?

Pi.Alert, a widely-used open-source network intrusion detector with web-based management, contains a critical unauthenticated remote code execution flaw that allows attackers to execute arbitrary…. A patch is available.

Pi.Alert EUVD-2026-32635

| CVE-2026-44887 CRITICAL

Code Injection (CWE-94)

2026-05-27 GitHub_M

RCE Python Code Injection

9.8

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Patch available

May 27, 2026 - 21:04 EUVD

Analysis Generated

May 27, 2026 - 20:16 vuln.today

DescriptionNVD

Pi.Alert is a WIFI / LAN intruder detector with web service monitoring. Prior to 2026-05-07, Pi.Alert's web-based configuration editor allows arbitrary Python code to be injected into pialert.conf. Since the background scan daemon loads this file via Python's exec(), injected code executes as the daemon process. With web protection disabled (the default configuration), no authentication is required, making this an unauthenticated Remote Code Execution vulnerability. This vulnerability is fixed in 2026-05-07.

AnalysisAI

Unauthenticated remote code execution affects Pi.Alert, an open-source WiFi/LAN intruder detector with web-based service monitoring, in all versions prior to the 2026-05-07 release. The web configuration editor writes attacker-controlled content into pialert.conf, which the background scan daemon subsequently evaluates with Python's exec(), so injected statements run with the daemon's privileges. …

RemediationAI

Within 24 hours: Inventory all Pi.Alert deployments and assess network exposure of the web interface. Within 7 days: Upgrade all instances to version 2026-05-07 or later; if upgrade is delayed, immediately restrict network access to the web configuration interface via firewall rules and disable web protection features. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

EUVD-2026-32635 vulnerability details – vuln.today

Back

Pi.Alert EUVD-2026-32635

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

Share

External POC / Exploit Code