| タイトル | badlogic pi-mono 0.58.4 Zero-Click Remote Code Execution |
|---|
| 説明 | A code execution vulnerability exists in the extension loading mechanism of @mariozechner/pi-coding-agent. On startup, the agent automatically discovers and executes all TypeScript/JavaScript files found in the project-local .pi/extensions/ directory. The extension code is loaded via jiti.import() and its exported factory function is immediately invoked with full Node.js privileges — the same privileges as the user running the agent.
No user confirmation, no trust prompt, no code signing verification, and no sandboxing is applied before execution. A malicious git repository containing a .pi/extensions/backdoor.ts file achieves arbitrary code execution the moment the victim runs pi in the cloned directory.
The extension code executes during the startup phase, before the user sees any interactive prompt or has any opportunity to inspect the project configuration. This makes the vulnerability effectively zero-click after the initial pi command. |
|---|
| ソース | ⚠️ https://github.com/August829/CVEP/issues/27 |
|---|
| ユーザー | Yu Bao (UID 88956) |
|---|
| 送信 | 2026年03月19日 10:19 (18 日 ago) |
|---|
| モデレーション | 2026年04月04日 15:47 (16 days later) |
|---|
| ステータス | 承諾済み |
|---|
| VulDBエントリ | 355326 [badlogic pi-mono 迄 0.58.4 loader.ts discoverAndLoadExtensions 特権昇格] |
|---|
| ポイント | 20 |
|---|