CVE-2026-44886
Pi.Alert: Web Interface Vulnerable to Unauthenticated Blind SQL Injection
CVSS Score
0.0
EPSS Score
0.1%
EPSS Percentile
20th
Pi.Alert is a WIFI / LAN intruder detector with web service monitoring. From 2024-06-29 to before 2026-05-07, the web application endpoint is vulnerable to SQL injection. The /pialert/php/server/devices.php route accepts requests from unauthenticated users when the action URL parameter is set to getDevicesTotals. The scansource URL parameter is then injected in a SQL query. This vulnerability is fixed in 2026-05-07.
| CWE | CWE-89 |
| Vendor | leiweibau |
| Product | pi.alert |
| Published | May 27, 2026 |
| Last Updated | May 28, 2026 |
Stay Ahead of the Next One
Get instant alerts for leiweibau pi.alert
Be the first to know when new unknown vulnerabilities affecting leiweibau pi.alert are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
Affected Versions
leiweibau / Pi.Alert
>= 2024-06-29, < 2026-05-07