GHSA-7v5m-pr3q-6453: Pi Agent: Potential XSS in HTML session exports via Markdown URL sanitization bypass
Summary
Pi Agent, a coding assistant, did not adequately sanitize link and image URLs when exporting chat sessions to HTML files. An attacker could hide a malicious link in Markdown by inserting control characters into its URL: browsers ignore those characters when parsing the link target, but the sanitizer did not strip them before checking the URL, so the link passed the check and could execute script (XSS, cross-site scripting) in the exported HTML file when a user clicked it. Exploitation requires several steps: the attacker must get the malicious content into a session, the user must export that session as HTML, and the user must then click the link in the exported file.
Solution / Mitigation
Upgrade @earendil-works/pi-coding-agent to version 0.78.1 or later. Version 0.78.1 fixes the issue by first removing C0 control characters from Markdown link and image URLs and then validating them against an allow-list of approved URL formats, so the check runs on the same value the browser will see. Users of the old @mariozechner/pi-coding-agent package should migrate to the new @earendil-works/pi-coding-agent package and upgrade to version 0.78.1 or later. After upgrading, regenerate any shared HTML exports whose original sessions contained untrusted content.
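The following is an added illustration, not Pi Agent's own code, of the sanitizer shape the fix describes: strip C0 control characters, then allow-list the URL scheme before the URL is written into the exported HTML. It places a weak prefix check beside the hardened version so the difference is visible on constructed inputs; all function names and the allow-list contents are assumptions.

```javascript
// Added example (not from the Pi Agent project). Names are assumptions.

// Schemes an exported HTML file may link to; anything else is dropped.
const ALLOWED_SCHEMES = new Set(["http:", "https:", "mailto:"]);

// Strip C0 control characters (U+0000-U+001F) and DEL (U+007F). Browser URL
// parsers ignore these, so any scheme check must run on the stripped value.
function stripC0(url) {
  return url.replace(/[\u0000-\u001F\u007F]/g, "");
}

// Weak check: a prefix test on the raw string. A control character inside
// the scheme stops "javascript:" from matching, yet the browser still
// parses the href as a javascript: URL. Shown only for comparison.
function naiveIsSafe(url) {
  return !url.trim().toLowerCase().startsWith("javascript:");
}

// Hardened check: normalize, parse, then allow-list the parsed scheme.
// Returns the cleaned URL, or null when the link target must be dropped.
function sanitizeUrl(url) {
  const cleaned = stripC0(url).trim();
  if (cleaned === "") return null;
  let parsed;
  try {
    // Relative references ("docs/readme.md") resolve against a placeholder
    // base and so inherit its https: scheme; unparseable input is rejected.
    parsed = new URL(cleaned, "https://export.invalid/");
  } catch {
    return null;
  }
  return ALLOWED_SCHEMES.has(parsed.protocol) ? cleaned : null;
}

// Escape text for use in HTML content and attribute values.
function escapeHtml(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return s.replace(/[&<>"']/g, (c) => map[c]);
}

// Render a Markdown link as an anchor for the export; rejected URLs lose
// their href entirely rather than being passed through.
function renderLink(text, url) {
  const safe = sanitizeUrl(url);
  const label = escapeHtml(text);
  return safe === null ? `<a>${label}</a>` : `<a href="${escapeHtml(safe)}">${label}</a>`;
}

// Constructed vectors: the control character defeats the prefix test only.
for (const u of ["https://example.com/docs", "java\u0001script:void(0)"]) {
  console.log(JSON.stringify(u), naiveIsSafe(u), sanitizeUrl(u));
}
```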
Vulnerability Details
EPSS: 0.0%
June 16, 2026
Original source: https://github.com/advisories/GHSA-7v5m-pr3q-6453
First tracked: June 16, 2026 at 08:00 PM