9.8
CVE-2026-44887: Pi.Alert: Unauthenticated Code Injection in Configuration Editor
CVE-2026-44887
Summary
Pi.Alert's web-based configuration editor allows malicious code to be injected into its configuration file. This can be exploited by attackers to execute code on the system, potentially leading to unauthorized access or system compromise. Users should update to the latest version of Pi.Alert, released on 2026-05-07.
Original title
Pi.Alert is a WIFI / LAN intruder detector with web service monitoring. Prior to 2026-05-07, Pi.Alert's web-based configuration editor allows arbitrary Python code to be injected into pialert.conf....
Original description
Pi.Alert is a WIFI / LAN intruder detector with web service monitoring. Prior to 2026-05-07, Pi.Alert's web-based configuration editor allows arbitrary Python code to be injected into pialert.conf. Since the background scan daemon loads this file via Python's exec(), injected code executes as the daemon process. With web protection disabled (the default configuration), no authentication is required, making this an unauthenticated Remote Code Execution vulnerability. This vulnerability is fixed in 2026-05-07.
nvd CVSS3.1
9.8
Vulnerability type
CWE-94
Code Injection
Published: 27 May 2026 · Updated: 28 May 2026 · First seen: 27 May 2026
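The loading pattern the description names (a configuration file run through Python's exec()) next to a loader that only accepts literal assignments, as an added example; it is not Pi.Alert's code or its actual fix. The key names, the sample file contents and the function names `load_with_exec` and `load_literals_only` are constructed for illustration.

```python
import ast

# Constructed sample config; the key names are illustrative, not Pi.Alert's.
CLEAN_CONF = "SCAN_INTERVAL = 5\nREPORT_ENABLED = False\nMAIL_HOST = 'localhost'\n"
# Constructed stand-in for a value saved through the editor: a call expression
# instead of a literal. It is benign (it only reads the process id).
TAMPERED_CONF = CLEAN_CONF + "MAIL_USER = __import__('os').getpid()\n"


class ConfigError(ValueError):
    """Raised when the file contains anything other than NAME = <literal>."""


def load_with_exec(text):
    """Pattern from the advisory: the file is executed as Python source."""
    namespace = {}
    exec(text, namespace)  # every expression in the file runs in this process
    return {k: v for k, v in namespace.items() if not k.startswith("__")}


def load_literals_only(text):
    """Hardened loader: parse the file, never execute it."""
    try:
        tree = ast.parse(text)
    except SyntaxError as err:
        raise ConfigError(f"line {err.lineno}: not valid syntax") from None
    settings = {}
    for node in tree.body:
        simple = (isinstance(node, ast.Assign) and len(node.targets) == 1
                  and isinstance(node.targets[0], ast.Name))
        if not simple:
            raise ConfigError(f"line {node.lineno}: only NAME = value is allowed")
        try:
            # literal_eval accepts strings, numbers, booleans, None and
            # containers of those; calls, names and attributes are rejected.
            settings[node.targets[0].id] = ast.literal_eval(node.value)
        except (ValueError, TypeError):
            raise ConfigError(f"line {node.lineno}: value is not a literal") from None
    return settings


if __name__ == "__main__":
    print("exec loader:", load_with_exec(TAMPERED_CONF))  # MAIL_USER is a pid
    print("safe loader:", load_literals_only(CLEAN_CONF))
    try:
        load_literals_only(TAMPERED_CONF)
    except ConfigError as err:
        print("safe loader rejected file:", err)
```

Running the same literal-only check on editor input before it is written keeps a rejected value out of the file altogether.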