CVE Tools

pi-hole

Networking Infrastructureoss-project

14

Cumulative CVEs

2

Monthly snapshots

#92

Peak rank

Top products

ftl6 ftldns6 web interface4

Latest CVEs

The 15 most recently published vulnerabilities affecting pi-hole.

CVE-2026-44693Pi-hole FTL: Unauthenticated Session Hijacking via Race Condition on Global Session Buffer8.8Jun 10, 2026
CVE-2026-41489Pi-hole: Local privilege escalation via config-controlled path in root-executed service hooks8.8May 11, 2026
CVE-2026-39849Pi-hole FTL remote code execution via newline injection in dns.interface configuration8.8May 5, 2026
CVE-2026-35521Pi-hole FTL affected by Remote Code Execution (RCE) via dhcp.hosts Newline Injection8.8Apr 7, 2026
CVE-2026-35520Pi-hole FTL affected by Remote Code Execution (RCE) via dhcp.leaseTime Newline Injection8.8Apr 7, 2026
CVE-2026-35519Pi-hole FTL affected by Remote Code Execution (RCE) via dns.hostRecord Newline Injection8.8Apr 7, 2026
CVE-2026-35518Pi-hole FTL affected by Remote Code Execution (RCE) via dns.cnameRecords Newline Injection8.8Apr 7, 2026
CVE-2026-35517Pi-hole FTL affected by Remote Code Execution (RCE) via dns.upstreams Newline Injection8.8Apr 7, 2026
CVE-2026-35491Pi-hole FTL: CLI API sessions can import Teleporter archives and modify configuration6.1Apr 7, 2026
CVE-2026-33405Pi-hole has a Stored HTML Injection in queries.js3.1Apr 6, 2026
CVE-2026-33727Pi-hole has a Local Privilege Escalation (post-compromise, pihole -> root).6.4Apr 6, 2026
CVE-2026-33406Pi-hole has a Stored HTML attribute injection5.4Apr 6, 2026
CVE-2026-33404Pi-hole has a Stored XSS / HTML injection in the Network page/Dashboard3.4Apr 6, 2026
CVE-2026-33403Pi-hole has a Reflected XSS / HTML injection in taillog.js6.1Apr 6, 2026
CVE-2026-33765Pi-hole Web Interface has a Command Injection Vulnerability9.8Mar 27, 2026