CVE-2026-54325 (GCVE-0-2026-54325)

Vulnerability from cvelistv5 – Published: 2026-06-23 19:22 – Updated: 2026-06-23 19:44

Title

Pi loads project-local extensions without approval

Summary

Pi is a minimal terminal coding harness. Pi before 0.79.0 loaded project-local configuration and resources from a repository's .pi directory without first asking the user to trust that repository. This included project-local extensions, which are executable TypeScript or JavaScript modules loaded into the Pi process. An attacker who controls a repository could place Pi-specific project resources in that repository. If a user then started Pi from that working tree, the project-local extension code could run with the same privileges as the local Pi process without the user having a convenient way to make a trust decision. This vulnerability is fixed in 0.79.0.

Severity

4.4 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

SSVC

Exploitation: none Automatable: no Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

CWE-829 - Inclusion of Functionality from Untrusted Control Sphere

Assigner

GitHub_M

References

7 references

URL	Tags
https://github.com/earendil-works/pi/security/adv…	x_refsource_CONFIRM
https://github.com/earendil-works/pi/commit/38f18…	x_refsource_MISC
https://github.com/earendil-works/pi/commit/71821…	x_refsource_MISC
https://github.com/earendil-works/pi/commit/89a92…	x_refsource_MISC
https://github.com/earendil-works/pi/commit/ce3a7…	x_refsource_MISC
https://github.com/earendil-works/pi/commit/ff3e9…	x_refsource_MISC
https://github.com/earendil-works/pi/releases/tag…	x_refsource_MISC

Impacted products

1 product

Vendor	Product	Version
earendil-works	pi	Affected: < 0.79.0

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-54325",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-06-23T19:44:24.627687Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-23T19:44:45.699Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "pi",
          "vendor": "earendil-works",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 0.79.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Pi is a minimal terminal coding harness. Pi before 0.79.0 loaded project-local configuration and resources from a repository\u0027s .pi directory without first asking the user to trust that repository. This included project-local extensions, which are executable TypeScript or JavaScript modules loaded into the Pi process. An attacker who controls a repository could place Pi-specific project resources in that repository. If a user then started Pi from that working tree, the project-local extension code could run with the same privileges as the local Pi process without the user having a convenient way to make a trust decision. This vulnerability is fixed in 0.79.0."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 4.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-829",
              "description": "CWE-829: Inclusion of Functionality from Untrusted Control Sphere",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-23T19:22:55.043Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/earendil-works/pi/security/advisories/GHSA-mqxh-6gq7-558m",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/earendil-works/pi/security/advisories/GHSA-mqxh-6gq7-558m"
        },
        {
          "name": "https://github.com/earendil-works/pi/commit/38f18be44727e669eb0a6e2eb8edb51b0232d83c",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/earendil-works/pi/commit/38f18be44727e669eb0a6e2eb8edb51b0232d83c"
        },
        {
          "name": "https://github.com/earendil-works/pi/commit/718215bd95b6fc6fa251580d27ea8aab857de390",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/earendil-works/pi/commit/718215bd95b6fc6fa251580d27ea8aab857de390"
        },
        {
          "name": "https://github.com/earendil-works/pi/commit/89a92207f1c9303d53d822fd9b0ac21578834cb4",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/earendil-works/pi/commit/89a92207f1c9303d53d822fd9b0ac21578834cb4"
        },
        {
          "name": "https://github.com/earendil-works/pi/commit/ce3a72444e1cc1eaa50475fb3378c7ffbb53ef49",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/earendil-works/pi/commit/ce3a72444e1cc1eaa50475fb3378c7ffbb53ef49"
        },
        {
          "name": "https://github.com/earendil-works/pi/commit/ff3e9df5f5b32368c20b0ef553a6834b3dee9350",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/earendil-works/pi/commit/ff3e9df5f5b32368c20b0ef553a6834b3dee9350"
        },
        {
          "name": "https://github.com/earendil-works/pi/releases/tag/v0.79.0",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/earendil-works/pi/releases/tag/v0.79.0"
        }
      ],
      "source": {
        "advisory": "GHSA-mqxh-6gq7-558m",
        "discovery": "UNKNOWN"
      },
      "title": "Pi loads project-local extensions without approval"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2026-54325",
    "datePublished": "2026-06-23T19:22:55.043Z",
    "dateReserved": "2026-06-12T18:42:02.224Z",
    "dateUpdated": "2026-06-23T19:44:45.699Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2026-54325",
      "date": "2026-06-24",
      "epss": "0.00118",
      "percentile": "0.02026"
    },
    "vulnrichment": {
      "containers": "{\"cna\": {\"title\": \"Pi loads project-local extensions without approval\", \"problemTypes\": [{\"descriptions\": [{\"cweId\": \"CWE-829\", \"lang\": \"en\", \"description\": \"CWE-829: Inclusion of Functionality from Untrusted Control Sphere\", \"type\": \"CWE\"}]}], \"metrics\": [{\"cvssV3_1\": {\"attackComplexity\": \"LOW\", \"attackVector\": \"LOCAL\", \"availabilityImpact\": \"NONE\", \"baseScore\": 4.4, \"baseSeverity\": \"MEDIUM\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"LOW\", \"privilegesRequired\": \"NONE\", \"scope\": \"UNCHANGED\", \"userInteraction\": \"REQUIRED\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N\", \"version\": \"3.1\"}}], \"references\": [{\"name\": \"https://github.com/earendil-works/pi/security/advisories/GHSA-mqxh-6gq7-558m\", \"tags\": [\"x_refsource_CONFIRM\"], \"url\": \"https://github.com/earendil-works/pi/security/advisories/GHSA-mqxh-6gq7-558m\"}, {\"name\": \"https://github.com/earendil-works/pi/commit/38f18be44727e669eb0a6e2eb8edb51b0232d83c\", \"tags\": [\"x_refsource_MISC\"], \"url\": \"https://github.com/earendil-works/pi/commit/38f18be44727e669eb0a6e2eb8edb51b0232d83c\"}, {\"name\": \"https://github.com/earendil-works/pi/commit/718215bd95b6fc6fa251580d27ea8aab857de390\", \"tags\": [\"x_refsource_MISC\"], \"url\": \"https://github.com/earendil-works/pi/commit/718215bd95b6fc6fa251580d27ea8aab857de390\"}, {\"name\": \"https://github.com/earendil-works/pi/commit/89a92207f1c9303d53d822fd9b0ac21578834cb4\", \"tags\": [\"x_refsource_MISC\"], \"url\": \"https://github.com/earendil-works/pi/commit/89a92207f1c9303d53d822fd9b0ac21578834cb4\"}, {\"name\": \"https://github.com/earendil-works/pi/commit/ce3a72444e1cc1eaa50475fb3378c7ffbb53ef49\", \"tags\": [\"x_refsource_MISC\"], \"url\": \"https://github.com/earendil-works/pi/commit/ce3a72444e1cc1eaa50475fb3378c7ffbb53ef49\"}, {\"name\": \"https://github.com/earendil-works/pi/commit/ff3e9df5f5b32368c20b0ef553a6834b3dee9350\", \"tags\": [\"x_refsource_MISC\"], \"url\": \"https://github.com/earendil-works/pi/commit/ff3e9df5f5b32368c20b0ef553a6834b3dee9350\"}, {\"name\": \"https://github.com/earendil-works/pi/releases/tag/v0.79.0\", \"tags\": [\"x_refsource_MISC\"], \"url\": \"https://github.com/earendil-works/pi/releases/tag/v0.79.0\"}], \"affected\": [{\"vendor\": \"earendil-works\", \"product\": \"pi\", \"versions\": [{\"version\": \"\u003c 0.79.0\", \"status\": \"affected\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2026-06-23T19:22:55.043Z\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Pi is a minimal terminal coding harness. Pi before 0.79.0 loaded project-local configuration and resources from a repository\u0027s .pi directory without first asking the user to trust that repository. This included project-local extensions, which are executable TypeScript or JavaScript modules loaded into the Pi process. An attacker who controls a repository could place Pi-specific project resources in that repository. If a user then started Pi from that working tree, the project-local extension code could run with the same privileges as the local Pi process without the user having a convenient way to make a trust decision. This vulnerability is fixed in 0.79.0.\"}], \"source\": {\"advisory\": \"GHSA-mqxh-6gq7-558m\", \"discovery\": \"UNKNOWN\"}}, \"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-54325\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-06-23T19:44:24.627687Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-06-23T19:44:33.911Z\"}}]}",
      "cveMetadata": "{\"cveId\": \"CVE-2026-54325\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"state\": \"PUBLISHED\", \"assignerShortName\": \"GitHub_M\", \"dateReserved\": \"2026-06-12T18:42:02.224Z\", \"datePublished\": \"2026-06-23T19:22:55.043Z\", \"dateUpdated\": \"2026-06-23T19:44:45.699Z\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }
  }
}

GHSA-MQXH-6GQ7-558M

Vulnerability from github – Published: 2026-06-17 13:55 – Updated: 2026-06-17 13:55

Summary

Pi Agent: Pi loads project-local extensions without approval

Details

Pi loads project-local extensions without approval

Pi before 0.79.0 loaded project-local configuration and resources from a repository's .pi directory without first asking the user to trust that repository. This included project-local extensions, which are executable TypeScript or JavaScript modules loaded into the Pi process.

An attacker who controls a repository could place Pi-specific project resources in that repository. If a user then started Pi from that working tree, the project-local extension code could run with the same privileges as the local Pi process without the user having a convenient way to make a trust decision.

Info

The affected component is Pi's project resource loading path. Before 0.79.0, startup loaded project .pi/settings.json, auto-discovered .pi resources, project package-managed resources, and project instruction files as part of normal session initialization. Project-local extensions were included in the same extension set as user/global extensions and were initialized before there was a project trust boundary.

Extensions like pi itself are not sandboxed. They run in the Pi process and can register commands, tools, and event handlers. The vulnerable behavior was not a privilege escalation across an operating-system boundary, but it allowed repository-controlled Pi extension code to execute implicitly when a user ran Pi in that repository.

Impact

Exploitation requires user interaction: the attacker must get a user to open or otherwise work in an attacker-controlled repository and start Pi there. The attacker does not need an account on the user's machine or prior privileges in Pi.

If exploited, project-local extension code runs with the same permissions as the user running Pi. It can access files, environment variables, credentials available to the process, the network, and local tools available to that user. In CVSS terms, this advisory rates the impact as limited confidentiality and integrity impact without a distinct availability impact because exploitation requires local user action in an untrusted repository and does not cross a privilege boundary.

This risk is most relevant for users who run Pi in repositories they have not reviewed or do not trust. Pi's security guidance requires users to trust the codebases they work with, or to use an external sandbox or isolation boundary for untrusted repositories.

Affected versions

Affected: < 0.79.0
Patched: 0.79.0

The solution

Pi 0.79.0 added project trust gating for project-local inputs. On interactive startup, Pi now asks before loading project-local settings, instructions, resources, package-managed resources, or extensions when a trust decision has not already been saved for the working directory.

Non-interactive modes do not prompt. Without a saved trust decision, they ignore project-local inputs unless --approve or -a is passed. Users can also pass --no-approve or -na to ignore project-local inputs for a single run even when a project is already trusted.

Before trust is resolved, Pi loads only user/global extensions and extensions passed explicitly on the command line. Those extensions can participate in the project_trust event; project-local extensions are not loaded until after the project is trusted.

Recommendations

Upgrade @earendil-works/pi-coding-agent to version 0.79.0 or later.

After upgrading, review project trust prompts carefully and only trust repositories whose Pi-specific configuration and extensions you are willing to run. The upgrade makes this trust decision explicit, but it does not change Pi's security model: users should work only in trusted repositories, or use external isolation for untrusted code. Use --no-approve for one-off runs where project-local inputs should be ignored. For untrusted repositories or unattended automation, follow Pi's security guidance and run Pi inside an operating-system sandbox, container, VM, or other isolation boundary with only the files and credentials required for the task.

Workarounds

Before and after this change, Pi users should only run Pi in repositories they trust, or in an external sandbox or isolation boundary when working with untrusted code. Pi 0.79.0 adds an explicit trust prompt as a defense-in-depth and user-safety improvement; it is not a sandbox and it does not make untrusted repositories safe.

If upgrading is not possible and your workflow already enforces this trust boundary, continue to avoid running Pi directly in untrusted repositories. Inspect and remove project-local Pi configuration and resources before use, especially project-local extensions and package configuration. Disabling extensions and other project resources with command-line flags can reduce exposure, but trusted or isolated execution remains the primary mitigation.

Timeline

2026-05-25: Report received.
2026-06-05: Project trust gating committed.
2026-06-08: Project trust refinements and security model documentation completed.
2026-06-08: Fixed version 0.79.0 released.
2026-06-08: Advisory published.

Credits

Reported by @qerogram, @urianpaul94, @EQSTLab, and @kamalmarhubi.

Severity

4.4 (Medium)


                  
                    CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "@earendil-works/pi-coding-agent"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.79.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-54325"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-829"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-06-17T13:55:44Z",
    "nvd_published_at": null,
    "severity": "MODERATE"
  },
  "details": "# Pi loads project-local extensions without approval\n\nPi before 0.79.0 loaded project-local configuration and resources from a repository\u0027s `.pi` directory without first asking the user to trust that repository. This included project-local extensions, which are executable TypeScript or JavaScript modules loaded into the Pi process.\n\nAn attacker who controls a repository could place Pi-specific project resources in that repository. If a user then started Pi from that working tree, the project-local extension code could run with the same privileges as the local Pi process without the user having a convenient way to make a trust decision.\n\n## Info\n\nThe affected component is Pi\u0027s project resource loading path. Before 0.79.0, startup loaded project `.pi/settings.json`, auto-discovered `.pi` resources, project package-managed resources, and project instruction files as part of normal session initialization. Project-local extensions were included in the same extension set as user/global extensions and were initialized before there was a project trust boundary.\n\nExtensions like pi itself are not sandboxed. They run in the Pi process and can register commands, tools, and event handlers. The vulnerable behavior was not a privilege escalation across an operating-system boundary, but it allowed repository-controlled Pi extension code to execute implicitly when a user ran Pi in that repository.\n\n## Impact\n\nExploitation requires user interaction: the attacker must get a user to open or otherwise work in an attacker-controlled repository and start Pi there. The attacker does not need an account on the user\u0027s machine or prior privileges in Pi.\n\nIf exploited, project-local extension code runs with the same permissions as the user running Pi. It can access files, environment variables, credentials available to the process, the network, and local tools available to that user. In CVSS terms, this advisory rates the impact as limited confidentiality and integrity impact without a distinct availability impact because exploitation requires local user action in an untrusted repository and does not cross a privilege boundary.\n\nThis risk is most relevant for users who run Pi in repositories they have not reviewed or do not trust. Pi\u0027s security guidance requires users to trust the codebases they work with, or to use an external sandbox or isolation boundary for untrusted repositories.\n\n## Affected versions\n\n- Affected: `\u003c 0.79.0`\n- Patched: `0.79.0`\n\n## The solution\n\nPi 0.79.0 added project trust gating for project-local inputs. On interactive startup, Pi now asks before loading project-local settings, instructions, resources, package-managed resources, or extensions when a trust decision has not already been saved for the working directory.\n\nNon-interactive modes do not prompt. Without a saved trust decision, they ignore project-local inputs unless `--approve` or `-a` is passed. Users can also pass `--no-approve` or `-na` to ignore project-local inputs for a single run even when a project is already trusted.\n\nBefore trust is resolved, Pi loads only user/global extensions and extensions passed explicitly on the command line. Those extensions can participate in the `project_trust` event; project-local extensions are not loaded until after the project is trusted.\n\n## Recommendations\n\nUpgrade `@earendil-works/pi-coding-agent` to version 0.79.0 or later.\n\nAfter upgrading, review project trust prompts carefully and only trust repositories whose Pi-specific configuration and extensions you are willing to run. The upgrade makes this trust decision explicit, but it does not change Pi\u0027s security model: users should work only in trusted repositories, or use external isolation for untrusted code. Use `--no-approve` for one-off runs where project-local inputs should be ignored. For untrusted repositories or unattended automation, follow Pi\u0027s [security guidance](https://pi.dev/docs/latest/security) and run Pi inside an operating-system sandbox, container, VM, or other isolation boundary with only the files and credentials required for the task.\n\n## Workarounds\n\nBefore and after this change, Pi users should only run Pi in repositories they trust, or in an external sandbox or isolation boundary when working with untrusted code. Pi 0.79.0 adds an explicit trust prompt as a defense-in-depth and user-safety improvement; it is not a sandbox and it does not make untrusted repositories safe.\n\nIf upgrading is not possible and your workflow already enforces this trust boundary, continue to avoid running Pi directly in untrusted repositories. Inspect and remove project-local Pi configuration and resources before use, especially project-local extensions and package configuration. Disabling extensions and other project resources with command-line flags can reduce exposure, but trusted or isolated execution remains the primary mitigation.\n\n## Timeline\n\n- 2026-05-25: Report received.\n- 2026-06-05: Project trust gating committed.\n- 2026-06-08: Project trust refinements and security model documentation completed.\n- 2026-06-08: Fixed version 0.79.0 released.\n- 2026-06-08: Advisory published.\n\n## Credits\n\nReported by [@qerogram](https://github.com/qerogram), [@urianpaul94](https://github.com/urianpaul94), [@EQSTLab](https://github.com/EQSTLab), and [@kamalmarhubi](https://github.com/kamalmarhubi).",
  "id": "GHSA-mqxh-6gq7-558m",
  "modified": "2026-06-17T13:55:44Z",
  "published": "2026-06-17T13:55:44Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/earendil-works/pi/security/advisories/GHSA-mqxh-6gq7-558m"
    },
    {
      "type": "WEB",
      "url": "https://github.com/earendil-works/pi/commit/38f18be44727e669eb0a6e2eb8edb51b0232d83c"
    },
    {
      "type": "WEB",
      "url": "https://github.com/earendil-works/pi/commit/718215bd95b6fc6fa251580d27ea8aab857de390"
    },
    {
      "type": "WEB",
      "url": "https://github.com/earendil-works/pi/commit/89a92207f1c9303d53d822fd9b0ac21578834cb4"
    },
    {
      "type": "WEB",
      "url": "https://github.com/earendil-works/pi/commit/ce3a72444e1cc1eaa50475fb3378c7ffbb53ef49"
    },
    {
      "type": "WEB",
      "url": "https://github.com/earendil-works/pi/commit/ff3e9df5f5b32368c20b0ef553a6834b3dee9350"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/earendil-works/pi"
    },
    {
      "type": "WEB",
      "url": "https://github.com/earendil-works/pi/releases/tag/v0.79.0"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Pi Agent: Pi loads project-local extensions without approval"
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2026-54325 (GCVE-0-2026-54325)

GHSA-MQXH-6GQ7-558M

Pi loads project-local extensions without approval

Info

Impact

Affected versions

The solution

Recommendations

Workarounds

Timeline

Credits

Tags

Sightings

Nomenclature