| Field | Value |
|---|---|
| Title | badlogic pi-mono 0.58.4 Zero-Click Remote Code Execution |
| Description | A code execution vulnerability exists in the extension loading mechanism of @mariozechner/pi-coding-agent. On startup, the agent automatically discovers and executes all TypeScript/JavaScript files found in the project-local .pi/extensions/ directory. The extension code is loaded via jiti.import() and its exported factory function is immediately invoked with full Node.js privileges, the same privileges as the user running the agent. No user confirmation, no trust prompt, no code signing verification, and no sandboxing is applied before execution. A malicious git repository containing a .pi/extensions/backdoor.ts file achieves arbitrary code execution the moment the victim runs pi in the cloned directory. The extension code executes during the startup phase, before the user sees any interactive prompt or has any opportunity to inspect the project configuration. This makes the vulnerability effectively zero-click after the initial pi command. |
| Source | https://github.com/August829/CVEP/issues/27 |
| User | Yu Bao (UID 88956) |
| Submission | 19/03/2026 10:19 AM (1 month ago) |
| Moderation | 04/04/2026 03:47 PM (16 days later) |
| Status | Approved |
| VulDB Entry | 355326 [badlogic pi-mono up to 0.58.4 loader.ts discoverAndLoadExtensions privilege escalation] |
| Points | 20 |
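As an added illustration, not pi-coding-agent's own code, this sketch shows the kind of trust gate the report says is missing: extension files under .pi/extensions/ are still discovered, but they are only handed to a loader when the project directory is on an explicit allowlist, and withheld otherwise. The directory layout, the accepted file extensions and the allowlist mechanism are assumptions, and the fixture project is constructed for the demonstration.

```typescript
import * as fs from "node:fs";
import * as os from "node:os";
import * as path from "node:path";

// Result of scanning a project for extensions (hypothetical structure).
interface ExtensionScan {
  candidates: string[]; // every extension file found under .pi/extensions/
  loadable: string[];   // files that may be passed on to the loader
  blocked: string[];    // files withheld because the project is not trusted
}

// Assumed set of file types the loader would otherwise pick up automatically.
const EXTENSION_EXTS = new Set([".ts", ".js"]);

// Discover extension files, but make loading conditional on the project
// directory being explicitly trusted. Nothing is imported or executed here;
// the caller decides what to do with `loadable` (e.g. prompt before loading).
function scanExtensions(projectDir: string, trustedProjects: Set<string>): ExtensionScan {
  const extDir = path.join(projectDir, ".pi", "extensions");
  const candidates: string[] = [];
  if (fs.existsSync(extDir)) {
    for (const entry of fs.readdirSync(extDir, { withFileTypes: true })) {
      if (entry.isFile() && EXTENSION_EXTS.has(path.extname(entry.name))) {
        candidates.push(path.join(extDir, entry.name));
      }
    }
  }
  // Compare resolved paths so "./repo" and "/abs/path/repo" match consistently.
  const trusted = trustedProjects.has(path.resolve(projectDir));
  return {
    candidates,
    loadable: trusted ? candidates : [],
    blocked: trusted ? [] : candidates,
  };
}

// Constructed fixture: a throwaway project with one inert extension file.
// Its contents do not matter, since this sketch never executes it.
function makeFixtureProject(): string {
  const projectDir = fs.mkdtempSync(path.join(os.tmpdir(), "pi-ext-demo-"));
  const extDir = path.join(projectDir, ".pi", "extensions");
  fs.mkdirSync(extDir, { recursive: true });
  fs.writeFileSync(path.join(extDir, "example.ts"), "export default () => {};\n");
  return projectDir;
}

// Stand-alone run: a freshly cloned, untrusted project yields no loadable files.
const demoProject = makeFixtureProject();
console.log(scanExtensions(demoProject, new Set<string>()));
```

Running the block prints one candidate under `blocked` and an empty `loadable` list; adding `path.resolve(demoProject)` to the trusted set moves the file to `loadable`.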