CVE-2026-5556
Code Injection in badlogic pi-mono Loader Enables Remote Exploits
Publication date: 2026-04-05
Last updated on: 2026-04-29
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| badlogic | pi-mono | to 0.58.4 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-74 | The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component. |
| CWE-94 | The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-5556 is a security vulnerability in the pi-mono product (Pi Coding Agent Monorepo) version 0.58.4 and earlier, specifically in the extension loader component (loader.ts). The vulnerability occurs because the software automatically discovers, loads, and immediately executes project-local extensions from the `.pi/extensions/` directory without any sandboxing, user confirmation, or integrity checks.
This automatic loading process includes following symbolic links and running the code with full Node.js privileges, allowing access to sensitive system APIs. An attacker can exploit this by placing a malicious extension in a repository; when a user clones and runs the pi agent in that directory, the malicious code executes automatically with the user's privileges, enabling arbitrary code execution without any user interaction.
How can this vulnerability impact me? :
This vulnerability can have severe impacts including unauthorized data access, system compromise, and disruption. Specifically, an attacker can execute arbitrary code with the privileges of the user running the pi agent, leading to:
- Confidentiality risks such as leakage of sensitive data including SSH keys, cloud credentials, API tokens, and environment variables.
- Integrity risks including persistent backdoors, tampering with source code, and installation of rootkits.
- Availability risks such as system disruption, file deletion, and resource exhaustion.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by checking for the presence of malicious or unexpected TypeScript (.ts) or JavaScript (.js) files in the project-local `.pi/extensions/` directory, including symbolic links that may point to malicious code.
You can inspect the `.pi/extensions/` directory recursively to identify suspicious files or symlinks that could be exploited.
- Use the command `find .pi/extensions/ -type l -ls` to list symbolic links in the extensions directory.
- Use `find .pi/extensions/ -name '*.ts' -o -name '*.js'` to list all TypeScript and JavaScript files loaded automatically.
Additionally, monitoring the startup logs of the pi agent for loaded extensions can help detect unexpected or unauthorized extensions being executed.
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include disabling or restricting the loading of project-local extensions in the `.pi/extensions/` directory to prevent automatic execution of potentially malicious code.
- Avoid running the pi agent in untrusted or cloned repositories that may contain malicious extensions.
- Manually inspect and remove any suspicious `.ts` or `.js` files or symbolic links in the `.pi/extensions/` directory.
- Implement or enable a workspace trust prompt or a flag such as `--allow-project-extensions` to require explicit user confirmation before loading extensions.
- Monitor and log all loaded extensions during startup to increase awareness of what code is being executed.
Longer term, advocate for or apply patches that introduce code signing, hash pinning, and sandboxing to restrict extension capabilities.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
This vulnerability allows remote code execution with full user privileges, leading to high risks of data leakage including sensitive information such as SSH keys, cloud credentials, and API tokens.
Such unauthorized access and potential exfiltration of sensitive data can negatively impact compliance with data protection regulations like GDPR and HIPAA, which require strict controls to protect personal and sensitive information.
The lack of security controls such as sandboxing, code signing, or user confirmation before executing extensions increases the risk of confidentiality, integrity, and availability breaches, which are critical factors in regulatory compliance.