CVE-2026-54326: Pi Agent: Potential XSS in HTML session exports via Markdown URL sanitization bypass
The realistic attack path is indirect. An attacker would first need to get a Markdown link whose destination gets past the export's URL sanitization into a session, for example through prompt injection that causes the model to emit such a link, or through other untrusted content that ends up in the session. The user would then need to export the session as HTML, open that file in a browser (or share it with someone who does), and click the link.
If the link is clicked, the script executes in the context of the exported HTML document, not in pi itself or in the user's shell. The main risk is limited disclosure of data embedded in that exported session file.
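As an added example of the bug class the advisory names, a Markdown link destination filter that a crafted URL gets past, here is a hypothetical prefix-check sanitizer beside a hardened one that decodes character references, strips the control characters browsers ignore, parses with the WHATWG URL parser and allow-lists the scheme. This is not Pi Agent's code and not the specific bypass in CVE-2026-54326; the function names, the allow-list and every payload are constructed for the illustration.

```javascript
// Added illustration of the bug class named in the advisory: a Markdown
// renderer that filters link destinations with a naive prefix check, beside
// a hardened filter. Neither function is Pi Agent's code, and the payloads
// are constructed, not the CVE-2026-54326 bypass.

// Weak sanitizer (hypothetical): exact-prefix check on the raw destination.
// It catches only the literal lowercase "javascript:" and nothing else.
function weakSanitizeHref(href) {
  return href.startsWith("javascript:") ? "#" : href;
}

// CommonMark resolves numeric character references in link destinations,
// so "&#106;avascript:" reaches the renderer as "javascript:". Decode them
// before looking at the scheme.
function decodeCharRefs(s) {
  return s
    .replace(/&#x([0-9a-f]+);/gi, (_, h) => String.fromCodePoint(parseInt(h, 16)))
    .replace(/&#(\d+);/g, (_, d) => String.fromCodePoint(parseInt(d, 10)));
}

// Schemes an exported transcript actually needs (assumed allow-list).
// Everything else, including javascript:, data: and vbscript:, is dropped.
const ALLOWED_SCHEMES = new Set(["http:", "https:", "mailto:"]);

// Hardened sanitizer (hypothetical): decode references, strip the ASCII
// control and whitespace characters browsers ignore inside a scheme, parse
// with the WHATWG URL parser (which lower-cases the scheme) and allow-list.
function safeSanitizeHref(href) {
  const cleaned = decodeCharRefs(href).replace(/[\u0000-\u0020\u007f]/g, "");
  let parsed;
  try {
    // Relative destinations resolve against a dummy https base and pass.
    parsed = new URL(cleaned, "https://export.invalid/");
  } catch {
    return "#";
  }
  return ALLOWED_SCHEMES.has(parsed.protocol) ? cleaned : "#";
}

// Escape for insertion into HTML text or a double-quoted attribute.
function escapeHtml(s) {
  return s
    .replace(/&/g, "&amp;")
    .replace(/"/g, "&quot;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;");
}

// Render one Markdown link into the exported HTML using the hardened path.
function renderLink(text, href) {
  const safeHref = escapeHtml(safeSanitizeHref(href));
  return `<a href="${safeHref}" rel="noopener noreferrer">${escapeHtml(text)}</a>`;
}

// Constructed payloads exercising case, leading whitespace, an embedded
// control character, character references and a non-script but still
// dangerous scheme. None of these comes from the advisory.
const PAYLOADS = [
  "https://example.com/report",
  "/sessions/42.html",
  "javascript:alert(1)",
  "JavaScript:alert(1)",
  " javascript:alert(1)",
  "java\tscript:alert(1)",
  "&#106;avascript:alert(1)",
  "&#x6A;avascript:alert(1)",
  "data:text/html,<script>alert(1)</script>",
];

// Run both sanitizers over the payloads; returns one row per payload so the
// bypasses of the weak filter can be compared against the hardened result.
function compareSanitizers(payloads = PAYLOADS) {
  return payloads.map((p) => ({
    payload: p,
    weak: weakSanitizeHref(p),
    safe: safeSanitizeHref(p),
  }));
}

for (const row of compareSanitizers()) {
  console.log(JSON.stringify(row));
}
```

Run with `node`, and the `weak` column shows every constructed payload except the exact lowercase `javascript:` passing through unchanged, each for a different reason: mixed case, leading whitespace, a tab inside the scheme, or a character reference that the Markdown parser resolves before the renderer sees the URL. The hardened path normalizes all of those and still lets relative and `https:` links through. Allow-listing schemes after real URL parsing is the point; a deny-list on the raw string is what this bug class defeats. An exported HTML file can additionally carry a restrictive Content-Security-Policy `<meta>` tag so that an inline handler which does slip through has nothing to execute.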