SQL Injection in Leiweibau Pi.alert

CVE-2026-44886

Pi.Alert is a WIFI / LAN intruder detector with web service monitoring. From 2024-06-29 to before 2026-05-07, the web application endpoint is vulnerable to SQL injection. The /pialert/php/server/devices.php route accepts requests from unau…

Vulnerability class: SQL Injection

EPSS: 0.001 (24.7th percentile) — read the EPSS interpretation.

Affected products

Leiweibau Pi.alert — versions >= 2024-06-29, < 2026-05-07

Weakness classification (CWE)

CWE-89 — SQL Injection

References

security-advisories@github.com (x_refsource_CONFIRM)