Pi: Potential XSS in HTML session exports via Markdown URL...

2.5 / 10

LOW

CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N

Description

Pi is a minimal terminal coding harness. From 0.74.0 until 0.78.1, Pi HTML exports render session Markdown into a static HTML file. It did not consistently reject unsafe Markdown link and image URL schemes. In versions with scheme filtering, C0 control characters in the URL scheme could bypass the check because browsers normalize those characters before navigation. This vulnerability is fixed in 0.78.1.

Basic Information

ID CVE-2026-54326

Source GitHub_M

Published Jun 23, 2026 at 19:26

Affected Product

Vendor earendil-works

Product pi

Version >= 0.74.0, < 0.78.1

Affected Versions earendil-works pi >= 0.74.0, < 0.78.1

CWE Classification

CWE-79

References

{
    "lastseen": "",
    "description": "Pi is a minimal terminal coding harness. From 0.74.0 until 0.78.1, Pi HTML exports render session Markdown into a static HTML file. It did not consistently reject unsafe Markdown link and image URL schemes. In versions with scheme filtering, C0 control characters in the URL scheme could bypass the check because browsers normalize those characters before navigation. This vulnerability is fixed in 0.78.1.",
    "published": "2026-06-23T19:26:35.875Z",
    "modified": "2026-06-23T19:26:35.875Z",
    "type": "cve",
    "title": "Pi: Potential XSS in HTML session exports via Markdown URL sanitization bypass",
    "source": "GitHub_M",
    "references": "https://github.com/earendil-works/pi/security/advisories/GHSA-7v5m-pr3q-6453\nhttps://github.com/earendil-works/pi/commit/6cb23f9b5d5b6d1747672f535b167d0d809ac010\nhttps://github.com/earendil-works/pi/releases/tag/v0.78.1",
    "id": "CVE-2026-54326",
    "bulletinFamily": "",
    "cwe": [
        "CWE-79"
    ],
    "cvelist": null,
    "sourceData": "earendil-works pi >= 0.74.0, < 0.78.1",
    "sourceHref": "",
    "cvss": {
        "score": 2.5,
        "severity": "LOW",
        "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "pi",
    "version": ">= 0.74.0, < 0.78.1",
    "vendor": "earendil-works",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Pi: Potential XSS in HTML session exports via Markdown URL sanitization bypass_CVE-2026-54326