CVE-2026-5556: Code Injection in badlogic pi-mono
A security vulnerability has been detected in badlogic pi-mono up to 0.58.4. This vulnerability affects the function discoverAndLoadExtensions of the file packages/coding-agent/src/core/extensions/loader.ts. The manipulation leads to code injection. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
AI Analysis
Technical Summary
This vulnerability in badlogic pi-mono (up to version 0.58.4) involves code injection via the discoverAndLoadExtensions function located in packages/coding-agent/src/core/extensions/loader.ts. The flaw allows remote attackers to inject and execute arbitrary code without user interaction and with low attack complexity. The CVSS 4.0 base score is 5.3 (medium severity), reflecting network attack vector, low privileges required, and limited impact on confidentiality, integrity, and availability. The vendor was notified but has not issued any fix or advisory, and no patch links are available. The vulnerability is publicly disclosed but no known exploits in the wild have been reported.
Potential Impact
Successful exploitation can lead to remote code injection, potentially allowing attackers to execute arbitrary code within the context of the affected application. However, the impact on confidentiality, integrity, and availability is rated as low, indicating limited damage or scope of compromise. The vulnerability requires low privileges and no user interaction, increasing the risk of exploitation. No known active exploitation has been reported.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Since the vendor has not responded or provided a fix, users should monitor official channels for updates. In the meantime, consider restricting network exposure of affected versions and applying compensating controls to limit potential impact.
CVE-2026-5556: Code Injection in badlogic pi-mono
Description
A security vulnerability has been detected in badlogic pi-mono up to 0.58.4. This vulnerability affects the function discoverAndLoadExtensions of the file packages/coding-agent/src/core/extensions/loader.ts. The manipulation leads to code injection. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This vulnerability in badlogic pi-mono (up to version 0.58.4) involves code injection via the discoverAndLoadExtensions function located in packages/coding-agent/src/core/extensions/loader.ts. The flaw allows remote attackers to inject and execute arbitrary code without user interaction and with low attack complexity. The CVSS 4.0 base score is 5.3 (medium severity), reflecting network attack vector, low privileges required, and limited impact on confidentiality, integrity, and availability. The vendor was notified but has not issued any fix or advisory, and no patch links are available. The vulnerability is publicly disclosed but no known exploits in the wild have been reported.
Potential Impact
Successful exploitation can lead to remote code injection, potentially allowing attackers to execute arbitrary code within the context of the affected application. However, the impact on confidentiality, integrity, and availability is rated as low, indicating limited damage or scope of compromise. The vulnerability requires low privileges and no user interaction, increasing the risk of exploitation. No known active exploitation has been reported.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Since the vendor has not responded or provided a fix, users should monitor official channels for updates. In the meantime, consider restricting network exposure of affected versions and applying compensating controls to limit potential impact.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- VulDB
- Date Reserved
- 2026-04-04T13:47:01.130Z
- Cvss Version
- 4.0
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 69d22f510a160ebd92c5a8d5
Added to database: 4/5/2026, 9:45:53 AM
Last enriched: 4/12/2026, 3:08:17 PM
Last updated: 5/20/2026, 2:16:26 AM
Views: 130
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.