Compliance Impact

The vulnerability allows arbitrary code execution with the same privileges as the Pi process when a user opens an attacker-controlled repository without explicit trust approval. This could potentially lead to unauthorized access or modification of sensitive data within the user's environment.

Since Pi runs with the user's permissions and does not sandbox project-local extensions, this vulnerability could increase the risk of data exposure or manipulation, which may impact compliance with data protection standards such as GDPR or HIPAA if sensitive personal or health information is accessed or altered without proper authorization.

The fix introduced in version 0.79.0 adds a trust gating mechanism requiring explicit user approval before loading project-local resources, thereby mitigating the risk of unauthorized code execution and helping maintain compliance by enforcing user consent and control over code execution.

However, Pi's security model relies on user decisions and external containment methods (like containers or VMs) for untrusted work, so organizations must ensure appropriate operational controls and environment isolation to fully comply with standards like GDPR and HIPAA.

Useful 0 Not Useful 0

Executive Summary

CVE-2026-54325 is a vulnerability in the Pi terminal coding harness before version 0.79.0 where Pi automatically loaded project-local configuration and executable extensions from a repository's .pi directory without asking the user to trust that repository first.

This meant that if an attacker controlled a repository, they could place malicious TypeScript or JavaScript modules in the .pi directory. When a user opened that repository with Pi, the malicious code would run with the same privileges as the Pi process, potentially executing arbitrary code without explicit user consent.

The vulnerability required user interaction (opening the repository) but did not provide a convenient way for the user to make a trust decision before running the code.

This issue was fixed in Pi version 0.79.0 by introducing a trust gating mechanism that requires explicit user approval before loading project-local resources.

Useful 0 Not Useful 0

Impact Analysis

This vulnerability can impact you by allowing an attacker who controls a repository to execute arbitrary code on your system with the same privileges as the Pi process.

If you open a malicious repository in Pi before version 0.79.0, the attacker’s code could run without your explicit consent, potentially leading to unauthorized actions such as data modification, information disclosure, or other malicious activities within your user environment.

Because the code runs with your user privileges, the impact depends on what permissions your user account has on the system.

Upgrading to version 0.79.0 or later mitigates this risk by requiring you to explicitly trust a project before any project-local extensions or configurations are loaded.

Useful 0 Not Useful 0

Detection Guidance

This vulnerability involves Pi versions before 0.79.0 automatically loading project-local extensions from a repository's .pi directory without user approval, which could lead to arbitrary code execution if the repository is attacker-controlled.

To detect if your system is vulnerable, check the installed version of Pi. If it is older than 0.79.0, it is susceptible.

You can run the following command to check the Pi version installed on your system:

• pi --version

Additionally, inspect your current working directories for the presence of a .pi directory which could contain project-local extensions that might be loaded automatically in vulnerable versions.

To find such directories, you can use commands like:

• find /path/to/projects -type d -name ".pi"

If you find .pi directories in repositories you do not trust, and you are running a Pi version before 0.79.0, your system may be at risk.

Useful 0 Not Useful 0

Mitigation Strategies

The primary mitigation step is to upgrade Pi to version 0.79.0 or later, where the vulnerability is fixed by introducing a trust gating mechanism that requires explicit user approval before loading project-local resources.

Until you upgrade, avoid opening or running Pi in repositories that you do not fully trust, especially those containing a .pi directory with project-local extensions.

Use the trust gating features introduced in version 0.79.0 to explicitly approve trusted projects and prevent automatic execution of untrusted code.

If you are running Pi in non-interactive modes, use the --no-approve or -na flags to ignore project-local inputs temporarily.

Review and manage your trusted projects by checking the trust decisions saved in ~/.pi/agent/trust.json.

Useful 0 Not Useful 0