UNKNOWNCVE-2026-5556
badlogic pi-mono loader.ts discoverAndLoadExtensions code injection
Platform
nodejs
Component
pi-mono
A security vulnerability has been detected in badlogic pi-mono up to 0.58.4. This vulnerability affects the function discoverAndLoadExtensions of the file packages/coding-agent/src/core/extensions/loader.ts. The manipulation leads to code injection. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
How to fix
Actualice a una versión corregida de pi-mono. La descripción del CVE indica que la vulnerabilidad se encuentra en las versiones 0.58.0 a 0.58.4, por lo que se recomienda actualizar a una versión posterior a estas para mitigar el riesgo de inyección de código.
Monitor your dependencies automatically
Get notified when new vulnerabilities affect your projects. Free forever.
Start free