ByteOS Network

NVD Vulnerability Details :

CVE-2026-44887

Received

Source-security-advisories@github.com

Published At-27 May, 2026 | 20:16

Updated At-28 May, 2026 | 14:16

Pi.Alert is a WIFI / LAN intruder detector with web service monitoring. Prior to 2026-05-07, Pi.Alert's web-based configuration editor allows arbitrary Python code to be injected into pialert.conf. Since the background scan daemon loads this file via Python's exec(), injected code executes as the daemon process. With web protection disabled (the default configuration), no authentication is required, making this an unauthenticated Remote Code Execution vulnerability. This vulnerability is fixed in 2026-05-07.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Secondary	3.1	9.8	CRITICAL	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Type: Secondary

Version: 3.1

Base score: 9.8

Base severity: CRITICAL

Vector:

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Weaknesses

CWE ID	Type	Source
CWE-94	Secondary	security-advisories@github.com

CWE ID: CWE-94

Type: Secondary

Source: security-advisories@github.com

References

Hyperlink	Source	Resource
https://github.com/leiweibau/Pi.Alert/security/advisories/GHSA-r59g-5wf9-f7vv	security-advisories@github.com	N/A
https://github.com/leiweibau/Pi.Alert/security/advisories/GHSA-r59g-5wf9-f7vv	134c704f-9b21-4f2e-91b3-4a467353bcc0	N/A

Hyperlink: https://github.com/leiweibau/Pi.Alert/security/advisories/GHSA-r59g-5wf9-f7vv

Source: security-advisories@github.com

Resource: N/A

Hyperlink: https://github.com/leiweibau/Pi.Alert/security/advisories/GHSA-r59g-5wf9-f7vv

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

Resource: N/A

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History