
Pi.Alert EUVD-2026-32636

CVE-2026-44886 | HIGH | SQL Injection (CWE-89)
2026-05-27 | GitHub_M
CVSS 4.0: 8.7

CVSS Vector (NVD)

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: X

Lifecycle Timeline

Analysis Generated: May 27, 2026 - 21:26 (vuln.today)
Patch available: May 27, 2026 - 21:04 (EUVD)
CVSS changed: May 27, 2026 - 20:22 (NVD), 8.7 (HIGH)

Description (NVD)

Pi.Alert is a WIFI / LAN intruder detector with web service monitoring. From 2024-06-29 to before 2026-05-07, the web application endpoint is vulnerable to SQL injection. The /pialert/php/server/devices.php route accepts requests from unauthenticated users when the action URL parameter is set to getDevicesTotals. The scansource URL parameter is then injected in a SQL query. This vulnerability is fixed in 2026-05-07.

Analysis (AI)

Unauthenticated SQL injection in Pi.Alert (a WiFi/LAN intruder detection and web-service monitoring tool by leiweibau) lets remote attackers manipulate backend database queries through the public devices.php endpoint. The flaw affects builds from 2024-06-29 up to the 2026-05-07 fix, and the CVSS 4.0 vector (AV:N/AC:L/PR:N/UI:N) confirms it is trivially reachable over the network with no authentication or user interaction, while the high-confidentiality / no-integrity / no-availability impact (VC:H/VI:N/VA:N) indicates the primary risk is database disclosure. …


Remediation (AI)

Within 24 hours: Identify all Pi.Alert instances in your environment and document their build dates (vulnerable range: 2024-06-29 through 2026-05-07). Within 7 days: Patch all instances to version 2026-05-07 or later per vendor advisory; if immediate patching is not feasible, implement firewall rules restricting network access to the devices.php endpoint to authorized internal IP ranges only. …
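While instances are being inventoried and patched, web server access logs can be reviewed for requests to the affected action. The following is an added example, not code from the advisory or from the Pi.Alert project: it assumes common/combined-format access logs, and the character allowlist for scansource and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Route, action and parameter names are the ones given in the advisory description.
ROUTE = "/pialert/php/server/devices.php"
ACTION = "getDevicesTotals"
# Assumption: legitimate scansource values are short plain identifiers.
SAFE_VALUE = re.compile(r"[A-Za-z0-9_.-]{1,64}")
# Client address, request target and status from a common/combined log entry.
REQUEST = re.compile(r'^(\S+) .*?"(?:GET|POST) (\S+) HTTP/[\d.]+" (\d{3})')

def triage(lines):
    """Return (client, status, scansource, verdict) for each request to the affected action."""
    hits = []
    for line in lines:
        m = REQUEST.match(line)
        if not m:
            continue
        client, target, status = m.groups()
        url = urlsplit(target)
        if not url.path.endswith(ROUTE):
            continue
        # parse_qs percent-decodes values, so encoded metacharacters are seen in the clear.
        query = parse_qs(url.query, keep_blank_values=True)
        if ACTION not in query.get("action", []):
            continue
        values = query.get("scansource")
        if values is None:
            hits.append((client, int(status), None, "absent"))
            continue
        for value in values:
            verdict = "ok" if SAFE_VALUE.fullmatch(value) else "suspicious"
            hits.append((client, int(status), value, verdict))
    return hits

# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE = [
    '192.0.2.10 - - [27/May/2026:20:01:11 +0000] "GET /pialert/php/server/devices.php?action=getDevicesTotals&scansource=local HTTP/1.1" 200 412',
    '198.51.100.7 - - [27/May/2026:20:03:42 +0000] "GET /pialert/php/server/devices.php?action=getDevicesTotals&scansource=local%27%20-- HTTP/1.1" 200 88',
    '192.0.2.10 - - [27/May/2026:20:04:02 +0000] "GET /pialert/php/server/devices.php?action=other HTTP/1.1" 200 5120',
    '203.0.113.5 - - [27/May/2026:20:05:00 +0000] "GET /pialert/index.php HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for hit in triage(SAMPLE):
        print(hit)
```

Rows marked "suspicious" from clients outside the authorized internal ranges are the ones to correlate with database access and follow up on first.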

