CVE-2026-44887: CWE-94: Improper Control of Generation of Code ('Code Injection') in leiweibau Pi.Alert
Pi.Alert is a WIFI / LAN intruder detector with web service monitoring. Prior to 2026-05-07, Pi.Alert's web-based configuration editor allows arbitrary Python code to be injected into pialert.conf. Since the background scan daemon loads this file via Python's exec(), injected code executes as the daemon process. With web protection disabled (the default configuration), no authentication is required, making this an unauthenticated Remote Code Execution vulnerability. This vulnerability is fixed in 2026-05-07.
AI Analysis
Technical Summary
Pi.Alert, a WIFI/LAN intruder detector with web service monitoring, had a critical vulnerability (CVE-2026-44887) in its web-based configuration editor that allowed arbitrary Python code injection into its configuration file (pialert.conf). Because the background scan daemon executes this configuration file using Python's exec(), any injected code runs with the daemon's privileges. The default configuration disables web protection, enabling unauthenticated remote attackers to exploit this vulnerability. The issue is classified under CWE-94 (Improper Control of Generation of Code). The vulnerability was fixed in the release dated 2026-05-07.
Potential Impact
Successful exploitation allows unauthenticated remote attackers to execute arbitrary Python code on the system running Pi.Alert, leading to full compromise of the daemon process. This can result in complete system control, data compromise, or disruption of the intruder detection service. The CVSS 3.1 base score of 9.8 reflects the critical nature with network attack vector, no required privileges or user interaction, and high impact on confidentiality, integrity, and availability.
Mitigation Recommendations
A fix for this vulnerability is available in Pi.Alert version 2026-05-07 and later. Users should upgrade to this version or newer to remediate the issue. Until the upgrade is applied, enabling web protection to require authentication may reduce exposure, but the vendor advisory does not specify alternative mitigations. Patch status is confirmed fixed as of 2026-05-07.
CVE-2026-44887: CWE-94: Improper Control of Generation of Code ('Code Injection') in leiweibau Pi.Alert
Description
Pi.Alert is a WIFI / LAN intruder detector with web service monitoring. Prior to 2026-05-07, Pi.Alert's web-based configuration editor allows arbitrary Python code to be injected into pialert.conf. Since the background scan daemon loads this file via Python's exec(), injected code executes as the daemon process. With web protection disabled (the default configuration), no authentication is required, making this an unauthenticated Remote Code Execution vulnerability. This vulnerability is fixed in 2026-05-07.
CVSS v3.1
Score 9.8critical
Weaknesses
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
Pi.Alert, a WIFI/LAN intruder detector with web service monitoring, had a critical vulnerability (CVE-2026-44887) in its web-based configuration editor that allowed arbitrary Python code injection into its configuration file (pialert.conf). Because the background scan daemon executes this configuration file using Python's exec(), any injected code runs with the daemon's privileges. The default configuration disables web protection, enabling unauthenticated remote attackers to exploit this vulnerability. The issue is classified under CWE-94 (Improper Control of Generation of Code). The vulnerability was fixed in the release dated 2026-05-07.
Potential Impact
Successful exploitation allows unauthenticated remote attackers to execute arbitrary Python code on the system running Pi.Alert, leading to full compromise of the daemon process. This can result in complete system control, data compromise, or disruption of the intruder detection service. The CVSS 3.1 base score of 9.8 reflects the critical nature with network attack vector, no required privileges or user interaction, and high impact on confidentiality, integrity, and availability.
Mitigation Recommendations
A fix for this vulnerability is available in Pi.Alert version 2026-05-07 and later. Users should upgrade to this version or newer to remediate the issue. Until the upgrade is applied, enabling web protection to require authentication may reduce exposure, but the vendor advisory does not specify alternative mitigations. Patch status is confirmed fixed as of 2026-05-07.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- GitHub_M
- Date Reserved
- 2026-05-07T21:50:33.545Z
- Cvss Version
- 3.1
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 6a17476ae29bf47b50e35421
Added to database: 5/27/2026, 7:35:06 PM
Last enriched: 5/27/2026, 7:49:11 PM
Last updated: 5/27/2026, 9:08:40 PM
Views: 3
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.