Pi · Pi · CVE-2026-54325
**Name of the Vulnerable Software and Affected Versions**
Pi versions prior to 0.79.0
**Description**
Pi loaded project-local configuration and resources from a repository's `.pi` directory, including executable TypeScript or JavaScript modules known as project-local extensions, without requiring the user to trust the repository. Because extensions are not sandboxed and run within the Pi process, an attacker controlling a repository could execute arbitrary code with the same privileges as the local Pi process if a user started Pi from that working tree. This allows access to files, environment variables, credentials, the network, and local tools available to the user. The issue resides in the project resource loading path, where `.pi/settings.json`, auto-discovered resources, package-managed resources, and project instruction files were loaded during session initialization before a trust boundary was established.
**Recommendations**
Update Pi to version 0.79.0 or later.
As a temporary workaround, avoid running Pi in untrusted repositories or use an external operating-system sandbox, container, or VM to isolate the execution environment.
Inspect and remove project-local Pi configuration and resources, specifically project-local extensions and package configuration, before use in untrusted repositories.