HIGH
earendil-works
CVE published 2026-06-23
CVE-2026-54328
CVE-2026-54328 affects Pi, a minimal terminal coding harness. Versions from 0.74.0 to 0.78.1 used predictable paths under the operating system's temporary directory for temporary npm or git extension package installs. This vulnerability allows a local attacker who can write to the shared temporary directory to prepare the expected package location before another user runs pi with a temporary extension pac [truncated]