| 제목 | badlogic pi-mono 0.58.4 Zero-Click Remote Code Execution |
|---|
| 설명 | A code execution vulnerability exists in the extension loading mechanism of @mariozechner/pi-coding-agent. On startup, the agent automatically discovers and executes all TypeScript/JavaScript files found in the project-local .pi/extensions/ directory. The extension code is loaded via jiti.import() and its exported factory function is immediately invoked with full Node.js privileges — the same privileges as the user running the agent.
No user confirmation, no trust prompt, no code signing verification, and no sandboxing is applied before execution. A malicious git repository containing a .pi/extensions/backdoor.ts file achieves arbitrary code execution the moment the victim runs pi in the cloned directory.
The extension code executes during the startup phase, before the user sees any interactive prompt or has any opportunity to inspect the project configuration. This makes the vulnerability effectively zero-click after the initial pi command. |
|---|
| 원천 | ⚠️ https://github.com/August829/CVEP/issues/27 |
|---|
| 사용자 | Yu Bao (UID 88956) |
|---|
| 제출 | 2026. 03. 19. AM 10:19 (20 날 ago) |
|---|
| 모더레이션 | 2026. 04. 04. PM 03:47 (16 days later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 355326 [badlogic pi-mono 까지 0.58.4 loader.ts discoverAndLoadExtensions 권한 상승] |
|---|
| 포인트들 | 20 |
|---|