Pi-Mono Slack Bot Authentication Bypass Exposed

CVE-2026-5557
Summary

A security issue in Pi-Mono Slack Bot up to version 0.58.4 could allow a remote attacker to bypass authentication and access the bot. This could lead to unauthorized access to sensitive information or actions. We recommend updating to the latest version of Pi-Mono to fix this issue.

Original title
A vulnerability was detected in badlogic pi-mono up to 0.58.4. This issue affects some unknown processing of the file packages/mom/src/slack.ts of the component pi-mom Slack Bot. The manipulation r...
Original description
A vulnerability was detected in badlogic pi-mono up to 0.58.4. This issue affects some unknown processing of the file packages/mom/src/slack.ts of the component pi-mom Slack Bot. The manipulation results in authentication bypass using alternate channel. The attack can be executed remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
NVD CVSS 2.0: 6.5
NVD CVSS 3.1: 6.3
NVD CVSS 4.0: 5.3
Vulnerability type
CWE-287 Improper Authentication
CWE-288 Authentication Bypass Using Alternate Path
Published: 5 Apr 2026 · Updated: 5 Apr 2026 · First seen: 5 Apr 2026