PatchSiren cyber security CVE debrief
CVE-2026-54328 earendil-works CVE debrief
CVE-2026-54328 affects Pi, a minimal terminal coding harness. Versions from 0.74.0 to 0.78.1 used predictable paths under the operating system's temporary directory for temporary npm or git extension package installs. This vulnerability allows a local attacker who can write to the shared temporary directory to prepare the expected package location before another user runs pi with a temporary extension package source. Consequently, Pi could load attacker-controlled extension code in the victim user's process. The vulnerability is fixed in version 0.78.1. Users should update to this version to mitigate the risk. Additionally, defenders should monitor for suspicious activity in temporary directories and ensure proper access controls are in place.
- Vendor
- earendil-works
- Product
- pi
- CVSS
- HIGH 7.3
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-23
- Original CVE updated
- 2026-06-25
- Advisory published
- 2026-06-23
- Advisory updated
- 2026-06-25
Who should care
System administrators and users of Pi versions 0.74.0 to 0.78.1 should be aware of this vulnerability. Local attackers could exploit this issue to execute arbitrary code in the context of other users. Therefore, users with shared access to temporary directories on Linux-based multi-user systems are particularly at risk.
Technical summary
The CVE-2026-54328 vulnerability in Pi, a minimal terminal coding harness, arises from the use of predictable paths under the operating system's temporary directory for temporary npm or git extension package installs. This issue affects versions 0.74.0 through 0.78.1. An attacker with write access to the shared temporary directory can prepare the expected package location before another user runs pi with a temporary extension package source, potentially leading to the execution of attacker-controlled code in the victim's process. The vulnerability's CVSS score is 7.3, indicating a high severity level. The CVSS vector is CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H, reflecting Local, Low Attack Complexity, Low Privileges Required, and High impacts on Confidentiality, Integrity, and Availability.
Defensive priority
High priority should be given to updating Pi to version 0.78.1 or later. In the meantime, defenders should monitor temporary directories for suspicious activity and enforce strict access controls.
Recommended defensive actions
- Update Pi to version 0.78.1 or later.
- Monitor temporary directories for suspicious activity.
- Enforce strict access controls on temporary directories.
- Review user permissions and limit access to shared temporary directories.
- Implement additional logging and monitoring to detect potential exploitation attempts.
Evidence notes
The CVE-2026-54328 entry in the CVE database and the NVD provide details about this vulnerability. The CVE record and NVD detail pages offer comprehensive information about the affected versions, the nature of the vulnerability, and potential impacts. Additionally, references from GitHub provide insights into the fixes and patches applied in version 0.78.1.
Official resources
This article is AI-assisted and based on the supplied source corpus.