VYPR
High severityNVD Advisory· Published May 27, 2026· Updated May 29, 2026

CVE-2026-44886

CVE-2026-44886

Description

Pi.Alert is a WIFI / LAN intruder detector with web service monitoring. From 2024-06-29 to before 2026-05-07, the web application endpoint is vulnerable to SQL injection. The /pialert/php/server/devices.php route accepts requests from unauthenticated users when the action URL parameter is set to getDevicesTotals. The scansource URL parameter is then injected in a SQL query. This vulnerability is fixed in 2026-05-07.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Leiweibau/Pi.alertinferred2 versions
    >=2024-06-29,<2026-05-07+ 1 more
    • (no CPE)range: >=2024-06-29,<2026-05-07
    • (no CPE)range: <2026-05-07

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.