pi-coding-agent

CVEs (2)

CVE	Vendor / Product	Sev	Risk	CVSS	EPSS	KEV	Published	Description
CVE-2026-54328	Mariozechner pi-coding-agent	hig	0.38	—	—		Jun 17, 2026	# Predictable temporary extension install paths allow local privilege escalation on shared Linux hosts Pi versions with temporary npm or git extension package installs used predictable paths under the operating system temporary directory. On Linux-based multi-user systems, a…
CVE-2026-54327	Mariozechner pi-coding-agent	low	0.00	—	—		Jun 17, 2026	# Pi auth.json writes could briefly expose stored credentials to local users Pi stored API keys and OAuth credentials in `auth.json`. A race condition in the file write path could briefly create or rewrite this file with permissions derived from the process umask before…

CVE-2026-54328higJun 17, 2026
Mariozechner
pi-coding-agent
risk 0.38cvss —epss —
# Predictable temporary extension install paths allow local privilege escalation on shared Linux hosts Pi versions with temporary npm or git extension package installs used predictable paths under the operating system temporary directory. On Linux-based multi-user systems, a…
CVE-2026-54327lowJun 17, 2026
Mariozechner
pi-coding-agent
risk 0.00cvss —epss —
# Pi auth.json writes could briefly expose stored credentials to local users Pi stored API keys and OAuth credentials in `auth.json`. A race condition in the file write path could briefly create or rewrite this file with permissions derived from the process umask before…