Browse all 31 CVE security advisories affecting Pi-hole. AI-powered Chinese analysis, PoCs, and references for each vulnerability.
Pi-hole operates as a network-wide ad and tracker blocking DNS sinkhole, primarily deployed in home and small business environments to filter malicious traffic at the network level. Historically, its security profile has been marred by critical flaws, including remote code execution (RCE) and cross-site scripting (XSS) vulnerabilities within its web interface and API. These weaknesses often stemmed from insufficient input validation, allowing attackers to gain unauthorized administrative access or execute arbitrary commands on the underlying Linux system. With thirty-one Common Vulnerabilities and Exposures (CVEs) currently on record, the software has faced significant scrutiny regarding its codebase maintenance and patching speed. While it provides essential privacy benefits by blocking unwanted network requests, its history of privilege escalation and RCE risks highlights the importance of keeping the installation updated and restricting web interface access to trusted networks only.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-39849 | Pi-hole FTL remote code execution via newline injection in dns.interface configuration — FTL, CWE-93 | 8.8 | - | 2026-05-05 |
| CVE-2026-35521 | Pi-hole FTL affected by Remote Code Execution (RCE) via dhcp.hosts Newline Injection — FTL, CWE-78 | 8.8 | High | 2026-04-07 |
| CVE-2026-35520 | Pi-hole FTL affected by Remote Code Execution (RCE) via dhcp.leaseTime Newline Injection — FTL, CWE-78 | 8.8 | High | 2026-04-07 |
| CVE-2026-35519 | Pi-hole FTL affected by Remote Code Execution (RCE) via dns.hostRecord Newline Injection — FTL, CWE-78 | 8.8 | High | 2026-04-07 |
| CVE-2026-35518 | Pi-hole FTL affected by Remote Code Execution (RCE) via dns.cnameRecords Newline Injection — FTL, CWE-78 | 8.8 | High | 2026-04-07 |
| CVE-2026-35517 | Pi-hole FTL affected by Remote Code Execution (RCE) via dns.upstreams Newline Injection — FTL, CWE-78 | 8.8 | High | 2026-04-07 |
| CVE-2026-35491 | Pi-hole FTL: CLI API sessions can import Teleporter archives and modify configuration — FTL, CWE-863 | 6.1 | Medium | 2026-04-07 |

This page lists every published CVE security advisory associated with Pi-hole. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.