VYPR
Critical severity9.8NVD Advisory· Published May 27, 2026· Updated May 29, 2026

CVE-2026-44887

CVE-2026-44887

Description

Pi.Alert is a WIFI / LAN intruder detector with web service monitoring. Prior to 2026-05-07, Pi.Alert's web-based configuration editor allows arbitrary Python code to be injected into pialert.conf. Since the background scan daemon loads this file via Python's exec(), injected code executes as the daemon process. With web protection disabled (the default configuration), no authentication is required, making this an unauthenticated Remote Code Execution vulnerability. This vulnerability is fixed in 2026-05-07.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Leiweibau/Pi.alertinferred2 versions
    <2026-05-07+ 1 more
    • (no CPE)range: <2026-05-07
    • (no CPE)range: <2026-05-07

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.