CVE-2026-54326
Markdown Injection in Pi HTML Exports via Unsafe URL Schemes

Publication date: 2026-06-23

Last updated on: 2026-06-23

Assigner: GitHub, Inc.

Description
Pi is a minimal terminal coding harness. From 0.74.0 until 0.78.1, Pi HTML exports render session Markdown into a static HTML file. It did not consistently reject unsafe Markdown link and image URL schemes. In versions with scheme filtering, C0 control characters in the URL scheme could bypass the check because browsers normalize those characters before navigation. This vulnerability is fixed in 0.78.1.
Meta Information

Published: 2026-06-23
Last Modified: 2026-06-23
Generated: 2026-06-24
AI Q&A: 2026-06-23
EPSS Evaluated: N/A
Affected Vendors & Products (4 associated CPEs)

Vendor          Product           Version / Range
earendil-works  pi-coding-agent   up to 0.78.1 (exclusive)
earendil-works  pi-coding-agent   0.78.1
mariozechner    pi-coding-agent   up to 0.73.1 (exclusive)
mariozechner    pi-coding-agent   0.73.1
CWE

CWE-79: The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
Executive Summary

CVE-2026-54326 is a Cross-Site Scripting (XSS) vulnerability in the Pi terminal coding harness, specifically in its HTML session export feature. Versions from 0.74.0 up to but not including 0.78.1 did not consistently reject unsafe Markdown link and image URL schemes; in the versions that did filter schemes, C0 control characters inside the scheme bypassed the check because browsers normalize those characters away before navigation. An attacker could therefore inject Markdown containing a link or image whose URL scheme carried such characters.

The vulnerability allows an attacker to inject malicious scripts into the exported HTML session file. When a user exports a session as HTML and opens or shares the file, clicking the malicious link triggers the script execution within the exported document. However, the script runs only in the context of the exported HTML file, not within the Pi application or the user's shell.

This issue was fixed in version 0.78.1 by implementing stricter URL sanitization that removes control characters and only allows URLs with safe schemes.

Impact Analysis

The impact of this vulnerability is limited but notable. If exploited, an attacker can execute malicious scripts within the exported HTML session file when a user opens or shares it and clicks on a crafted link.

This could lead to a stored Cross-Site Scripting (XSS) attack scenario where the attacker might attempt to steal data from the exported session file or perform other malicious actions within the context of the HTML document.

However, the risk is limited because the script runs only in the exported HTML file's context, not in the Pi application or the user's system shell. The CVSS score is low (2.5), indicating a low severity with local attack vector, high attack complexity, no privileges required, and user interaction needed.

Detection Guidance

This vulnerability involves unsafe Markdown link and image URL schemes in HTML session exports of the Pi coding harness, which can be exploited by injecting malicious Markdown that bypasses URL scheme filtering.

Detection would involve inspecting exported HTML session files for unsafe or suspicious URL schemes in Markdown links or images, especially those containing C0 control characters that could bypass filtering.

Since the vulnerability is triggered by exported HTML files containing unsafe URLs, you can search for such patterns in exported HTML files using commands like:

  • grep -P '[\x00-\x1F\x7F]' exported_session.html
  • grep -E '(javascript:|vbscript:|data:)' exported_session.html

These commands help identify control characters or dangerous URL schemes in the exported HTML files. Additionally, reviewing session export files for unexpected or suspicious Markdown links can help detect exploitation attempts.

Mitigation Strategies

The primary mitigation step is to upgrade the affected pi-coding-agent package to version 0.78.1 or later, where the vulnerability has been fixed.

After upgrading, regenerate any previously exported HTML session files that may contain untrusted Markdown content to ensure they no longer include unsafe URL schemes.

If you are using the older @mariozechner/pi-coding-agent package, migrate to the new @earendil-works/pi-coding-agent package and upgrade to version 0.78.1 or later.

The fix involves sanitizing Markdown link and image URLs by stripping C0 control characters and validating URL schemes against an allow-list of safe schemes (http, https, mailto, tel, ftp).
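The following is an added example, not Pi's own code, showing the weak scheme check beside the hardened form the fix describes (strip C0 control characters, then allow-list the scheme), plus a scheme-aware scanner for an already rendered export in the spirit of the grep commands in the detection guidance. The allow-list, the function names and the sample export are constructed for this example; the characters browsers strip from a URL before parsing are those defined by the WHATWG URL specification.

```javascript
// Added example, not Pi's own code: the weak scheme check beside the hardened
// one the fix describes (strip C0 controls, then allow-list the scheme).
const SAFE_SCHEMES = new Set(["http", "https", "mailto", "tel", "ftp"]);
const CONTROL_CHARS = /[\u0000-\u001F\u007F]/g; // C0 range plus DEL

// Scheme of a URL (lower-cased), or null when it has none (relative link).
function extractScheme(url) {
  const m = /^([a-zA-Z][a-zA-Z0-9+.-]*):/.exec(url);
  return m ? m[1].toLowerCase() : null;
}

// Weak check on the raw string: a tab inside "java\tscript:" stops the scheme
// regex matching, so the URL passes as relative, but browsers delete tab/LF/CR
// from a URL before parsing it and navigate to javascript: anyway.
function isAllowedUrlWeak(url) {
  const scheme = extractScheme(url.trim());
  return scheme === null || SAFE_SCHEMES.has(scheme);
}

// Hardened check: normalize first so the scheme test sees what the browser sees.
// Removing all of C0 plus DEL is a superset of what the WHATWG URL parser strips
// (tab/LF/CR anywhere, leading and trailing C0 controls and spaces).
function sanitizeUrl(url) {
  const cleaned = url.replace(CONTROL_CHARS, "").trim();
  const scheme = extractScheme(cleaned);
  return scheme === null || SAFE_SCHEMES.has(scheme) ? cleaned : "#";
}
// Scanner for an already rendered export (scheme-aware version of the grep
// commands above): href/src values with control characters or a bad scheme.
function findUnsafeUrls(html) {
  const found = [];
  const attr = /\b(?:href|src)\s*=\s*"([^"]*)"/gi;
  let m;
  while ((m = attr.exec(html)) !== null) {
    const raw = m[1];
    const scheme = extractScheme(raw.replace(CONTROL_CHARS, "").trim());
    const badScheme = scheme !== null && !SAFE_SCHEMES.has(scheme);
    if (/[\u0000-\u001F\u007F]/.test(raw) || badScheme) found.push(raw);
  }
  return found;
}
// Constructed sample export (not a real Pi file): safe link, tab bypass,
// disallowed scheme, relative link.
const SAMPLE_EXPORT = [
  '<a href="https://example.com/docs">docs</a>',
  '<a href="java\tscript:alert(1)">click</a>',
  '<img src="data:text/html,x">',
  '<a href="notes/todo.md">todo</a>',
].join("\n");
```

The first grep pattern in the detection guidance matches ordinary tab characters anywhere in the file and so produces noise; the scanner here restricts the check to href and src values, which is what matters for navigation.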

Compliance Impact

The vulnerability is a stored Cross-Site Scripting (XSS) issue in HTML session exports caused by improper sanitization of Markdown link and image URLs. It allows an attacker to inject malicious scripts into exported HTML files, which run when the file is opened or shared.

The risk posed by this vulnerability is limited to the exported HTML document and does not directly impact the Pi application or the user's shell environment. The confidentiality impact is rated as low, with no impact on integrity or availability.

Given the low confidentiality impact and the local attack vector requiring user interaction, the vulnerability poses a limited risk of unauthorized data disclosure from the exported session file.

While the vulnerability could potentially expose sensitive information if untrusted content is included in exported sessions, the limited scope and low impact suggest a minimal effect on compliance with standards like GDPR or HIPAA. However, organizations should upgrade to the fixed version and regenerate shared HTML exports to mitigate any risk of data leakage.
