CVE-2026-54327

CVE-2026-54327 is a low-severity incorrect permission assignment for critical resource vulnerability in @mariozechner/pi-coding-agent (npm), affecting versions >= 0.28.0, <= 0.73.1. It is fixed in 0.78.1.

Summary

Pi auth.json writes could briefly expose stored credentials to local users

Pi stored API keys and OAuth credentials in auth.json. A race condition in the file write path could briefly create or rewrite this file with permissions derived from the process umask before tightening the file to owner-only permissions.

Info

The affected credential-storage code wrote auth.json and then corrected the file mode in a separate operation. During the interval between those operations, a local user with read and traverse access to the Pi agent configuration directory could read the file before its permissions were restricted.

The file can contain API keys, OAuth access tokens, and OAuth refresh tokens for configured providers. The affected behavior was present in the original auth.json credential storage implementation and therefore affects both the original @mariozechner/pi-coding-agent package and @earendil-works/pi-coding-agent.

Affected versions

  • Affected: @mariozechner/pi-coding-agent >= 0.28.0, <= 0.73.1
  • Affected: @earendil-works/pi-coding-agent >= 0.74.0, < 0.78.1
  • Patched: @earendil-works/pi-coding-agent >= 0.78.1

The solution

Version 0.78.1 changed the credential storage writes to create auth.json with mode 0600 at open time. The fix applies to initial file creation and credential save paths, including OAuth token refresh writes.

Recommendations

Upgrade to @earendil-works/pi-coding-agent version 0.78.1 or later. Users still on the deprecated @mariozechner/pi-coding-agent package should migrate to the @earendil-works/pi-coding-agent package and install version 0.78.1 or later.

After upgrading, rotate any credentials that may have been exposed on multi-user systems where the Pi agent configuration directory was readable by other local users.

Workarounds

If upgrading immediately is not possible, restrict the Pi agent configuration directory so only the owning user can traverse it, restrict auth.json to owner-only permissions, and run Pi with a restrictive umask such as 077 until the upgrade is complete.

Timeline

  • 2026-05-29: Report received
  • 2026-06-02: Fix committed
  • 2026-06-04: Fixed version released
  • 2026-06-08: Advisory published

Credits

Reported by Paul Urian and Cosmin Alexa of CrowdStrike.

Impact

Exploitation requires local access to the same machine and read/traverse access to the victim's Pi agent configuration directory. Users whose ~/.pi/agent directory is private to their account are less exposed. The main impact is disclosure of stored provider credentials, which may allow use of the configured provider accounts according to the privileges of those credentials.

This is not remotely exploitable by itself.

A file, directory, or other resource is assigned permissions that allow broader access than intended. Typical impact: unauthorized read, modification, or execution of the resource.

CVE-2026-54327 has a CVSS score of 2.2 (Low). The vector requires local access, low privileges, and user interaction. A CVSS score reflects the worst-case severity of the vulnerability, not your specific exposure. Whether this affects your application depends on whether the vulnerable code is present and reachable in your environment. A fixed version is available (0.78.1); upgrading removes the vulnerable code path.

Affected versions

  • @mariozechner/pi-coding-agent (>= 0.28.0, <= 0.73.1)
  • @earendil-works/pi-coding-agent (>= 0.74.0, < 0.78.1)

Security releases

@earendil-works/pi-coding-agent → 0.78.1 (npm)

Kodem intelligence

Severity tells you how bad this could be in the worst case. It does not tell you whether you are exposed. Exploitability and impact are functions of runtime truth: whether the vulnerable code is present, reachable, and actually executes in your application. A vulnerable package can sit in your dependency tree and never run.

Kodem, an Intelligent Application Security platform, uses runtime intelligence to reveal which vulnerabilities actually execute in production, so teams prioritize the ones that genuinely matter. Kodem's runtime-powered SCA identifies whether this CVE is reachable in your applications.

Remediation advice

Upgrade @earendil-works/pi-coding-agent to 0.78.1 or later to resolve this vulnerability.

Kodem Kai can prioritize this vulnerability in your dependency tree and generate a fix recommendation.

Frequently Asked Questions

  1. What is CVE-2026-54327? CVE-2026-54327 is a low-severity incorrect permission assignment for critical resource vulnerability in @mariozechner/pi-coding-agent (npm), affecting versions >= 0.28.0, <= 0.73.1. It is fixed in 0.78.1. A file, directory, or other resource is assigned permissions that allow broader access than intended.
  2. How severe is CVE-2026-54327? CVE-2026-54327 has a CVSS score of 2.2 (Low). This score reflects the worst-case severity of the vulnerability, not your specific exposure. Whether it represents real risk in your environment depends on whether the vulnerable code is present and reachable.
  3. Which packages are affected by CVE-2026-54327?
    • @mariozechner/pi-coding-agent (npm) (versions >= 0.28.0, <= 0.73.1)
    • @earendil-works/pi-coding-agent (npm) (versions >= 0.74.0, < 0.78.1)
  4. Is there a fix for CVE-2026-54327? Yes. CVE-2026-54327 is fixed in 0.78.1. Upgrade to this version or later.
  5. Is CVE-2026-54327 exploitable, and should I be worried? Whether CVE-2026-54327 is exploitable in your environment depends on whether the vulnerable code is present and reachable. A CVSS score is a worst-case rating; it does not account for your specific deployment, configuration, or usage patterns. Kodem, an Intelligent Application Security platform, uses runtime intelligence to show which vulnerabilities actually execute in production, so you can focus on the ones that represent real risk.
  6. What actually determines whether CVE-2026-54327 is exploitable, and how bad it is? Exploitability and impact are not fixed properties of a CVE. They depend on runtime truth: whether the vulnerable code is present, reachable, and actually executes in your application. A high CVSS score on a dependency that never runs is not the same as real risk. Kodem, an Intelligent Application Security platform, uses runtime intelligence to reveal which vulnerabilities actually execute in production, so teams prioritize the ones that genuinely matter.
  7. How do I fix CVE-2026-54327? Upgrade @earendil-works/pi-coding-agent to 0.78.1 or later.

Other vulnerabilities in @mariozechner/pi-coding-agent

  • CVE-2026-54328
  • CVE-2026-54326