


Perceptive Security
SOC/SIEM Consultancy

Pi.Alert is a WIFI / LAN intruder detector with web service monitoring. Prior to 2026-05-07, Pi.Alert's SaveConfigFile() endpoint writes user-supplied numeric c…
Published: 26 May 2026 at 22:00:00
Alert date: 27 May 2026 at 21:06:41
Source: nvd.nist.gov
Network Infrastructure, Security Tools
Pi.Alert, a WIFI/LAN intruder detection tool, contains a critical vulnerability in its SaveConfigFile() endpoint that allows unauthenticated remote code execution. The vulnerability occurs when user-supplied numeric configuration values are written directly to pialert.conf without validation. Since this configuration file is executed via Python's exec() function every 3-5 minutes by a background cron process, attackers can inject arbitrary Python code. On default installations with PIALERT_WEB_PROTECTION disabled, no authentication is required to exploit this vulnerability. The issue was fixed in version 2026-05-07.
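A defensive sketch of the two controls this flaw calls for, added here as an example and not taken from Pi.Alert's code or its patch: validate numeric values before they are written, and read the configuration file with a literal-only parser instead of exec(). The setting names and sample file contents are hypothetical and constructed for illustration.

```python
import ast
import re

# Hypothetical setting names; the advisory does not list Pi.Alert's actual keys.
NUMERIC_KEYS = {"SCAN_CYCLE_MINUTES", "REPORT_PORT"}
_INT_RE = re.compile(r"[0-9]{1,9}")


def render_numeric_setting(key: str, raw: str) -> str:
    """Write side: emit 'KEY = value' only for a known key and a plain integer."""
    if key not in NUMERIC_KEYS:
        raise ValueError(f"unknown numeric setting: {key!r}")
    if not _INT_RE.fullmatch(raw.strip()):
        raise ValueError(f"{key} must be a plain integer, got {raw!r}")
    return f"{key} = {int(raw)}"


def load_config(text: str) -> dict:
    """Read side: accept only 'NAME = <literal>' statements; the file is never executed."""
    settings = {}
    for node in ast.parse(text).body:
        if not (isinstance(node, ast.Assign) and len(node.targets) == 1
                and isinstance(node.targets[0], ast.Name)):
            raise ValueError(f"line {node.lineno}: only simple assignments are allowed")
        try:
            # literal_eval accepts numbers, strings, lists, dicts, booleans and None only.
            settings[node.targets[0].id] = ast.literal_eval(node.value)
        except (ValueError, TypeError):
            raise ValueError(f"line {node.lineno}: value is not a literal") from None
    return settings


# Constructed sample file contents (not real Pi.Alert configuration).
CLEAN = 'SCAN_CYCLE_MINUTES = 5\nREPORT_TO = "admin@example.org"\n'
EXTRA_STATEMENT = 'SCAN_CYCLE_MINUTES = 5\nprint("not a setting")\n'
NON_LITERAL_VALUE = 'SCAN_CYCLE_MINUTES = len("abc")\n'

if __name__ == "__main__":
    print(load_config(CLEAN))
    for sample in (EXTRA_STATEMENT, NON_LITERAL_VALUE):
        try:
            load_config(sample)
        except ValueError as err:
            print("rejected:", err)
```

Either control alone breaks the chain described above; applying both means a value that slips past the write-side check is still rejected when the file is read.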
Affected products: Pi.Alert
Related links:
https://nvd.nist.gov/vuln/detail/CVE-2026-44888
https://github.com/leiweibau/Pi.Alert/security/advisories/GHSA-xg85-f8qw-7c5f
This article was created with the assistance of AI technology by Perceptive.
