pi-hole — Vulnerabilities & Security Advisories (30)

Browse all 30 CVE security advisories affecting pi-hole. AI-powered Chinese analysis, POCs, and references for each vulnerability.

| CVE ID | Title | Component | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-35521 | Pi-hole FTL affected by Remote Code Execution (RCE) via dhcp.hosts Newline Injection | FTL | CWE-78 | 8.8 | High | 2026-04-07 |
| CVE-2026-35520 | Pi-hole FTL affected by Remote Code Execution (RCE) via dhcp.leaseTime Newline Injection | FTL | CWE-78 | 8.8 | High | 2026-04-07 |
| CVE-2026-35519 | Pi-hole FTL affected by Remote Code Execution (RCE) via dns.hostRecord Newline Injection | FTL | CWE-78 | 8.8 | High | 2026-04-07 |
| CVE-2026-35518 | Pi-hole FTL affected by Remote Code Execution (RCE) via dns.cnameRecords Newline Injection | FTL | CWE-78 | 8.8 | High | 2026-04-07 |
| CVE-2026-35517 | Pi-hole FTL affected by Remote Code Execution (RCE) via dns.upstreams Newline Injection | FTL | CWE-78 | 8.8 | High | 2026-04-07 |
| CVE-2026-35491 | Pi-hole FTL: CLI API sessions can import Teleporter archives and modify configuration | FTL | CWE-863 | 6.1 | Medium | 2026-04-07 |
| CVE-2026-33405 | Pi-hole has a Stored HTML Injection in queries.js | web | CWE-79 | 3.1 | Low | 2026-04-06 |
| CVE-2026-33727 | Pi-hole has a Local Privilege Escalation (post-compromise, pihole -> root). | pi-hole | CWE-269 | 6.4 | Medium | 2026-04-06 |
| CVE-2026-33406 | Pi-hole has a Stored HTML attribute injection | web | CWE-79 | 5.4 | Medium | 2026-04-06 |
| CVE-2026-33404 | Pi-hole has a Stored XSS / HTML injection in the Network page/Dashboard | web | CWE-79 | 3.4 | Low | 2026-04-06 |
| CVE-2026-33403 | Pi-hole has a Reflected XSS / HTML injection in taillog.js | web | CWE-79 | 6.1 | Medium | 2026-04-06 |
| CVE-2026-33765 | Pi-hole Web Interface has a Command Injection Vulnerability | web | CWE-78 | 9.8 | - | 2026-03-27 |
| CVE-2026-26953 | Pi-hole Web Interface has Stored HTML Injection via X-Forwarded-For Header in Active Sessions Table | web | CWE-20 | 5.4 | Medium | 2026-02-19 |
| CVE-2026-26952 | Pi-hole Web Interface has Stored HTML Injection via Local DNS Records (CNAME/Hosts) in data-tag Attribute | web | CWE-20 | 5.4 | Medium | 2026-02-19 |
| CVE-2025-59151 | Pi-hole Admin Interface vulnerable to HTTP response header injection via CRLF injection | web | CWE-93 | 8.2 | High | 2025-10-27 |
| CVE-2025-53533 | Pi-hole Admin Interface vulnerable to cross-site scripting via malformed URL path on 404 error page | web | CWE-79 | 6.1 (AI) | Medium (AI) | 2025-10-27 |
| CVE-2025-32785 | Pi-hole Admin Interface vulnerable to persistent XSS on Subscribed lists group management (Adress Field) | web | CWE-79 | 5.4 (AI) | Medium (AI) | 2025-10-27 |
| CVE-2024-34361 | Pi-hole Blind Server-Side Request Forgery (SSRF) vulnerability can lead to Remote Code Execution (RCE) | pi-hole | CWE-918 | 8.6 | High | 2024-07-05 |
| CVE-2024-28247 | Pihole Authenticated Arbitrary File Read with root privileges | pi-hole | CWE-200 | 7.6 | High | 2024-03-27 |
| CVE-2023-23614 | Improper session handling of "Remember me for 7 days" functionality | AdminLTE | CWE-613 | 8.8 | High | 2023-01-26 |
| CVE-2022-23513 | Pi-Hole/AdminLTE vulnerable due to improper access control in queryads endpoint | AdminLTE | CWE-284 | 5.3 | Medium | 2022-12-22 |
| CVE-2022-31029 | Authenticated XSS in Pi-hole AdminLTE | AdminLTE | CWE-79 | 5.9 | Medium | 2022-07-07 |
| CVE-2021-41175 | Stored XSS in Client Groups Management (Authenticated) | AdminLTE | CWE-79 | 7.3 | High | 2021-10-26 |
| CVE-2021-3812 | Cross-site Scripting (XSS) - Reflected in pi-hole/adminlte | pi-hole/adminlte | CWE-79 | 6.1 | - | 2021-09-17 |
| CVE-2021-3811 | Cross-site Scripting (XSS) - Reflected in pi-hole/adminlte | pi-hole/adminlte | CWE-79 | 6.1 | - | 2021-09-17 |
| CVE-2021-3706 | Sensitive Cookie Without 'HttpOnly' Flag in pi-hole/adminlte | pi-hole/adminlte | CWE-1004 | 7.5 | - | 2021-09-15 |
| CVE-2021-32793 | Stored XSS Vulnerability in the Pi-hole Webinterface | AdminLTE | CWE-79 | 5.7 | Medium | 2021-08-04 |
| CVE-2021-32706 | (Authenticated) Remote Code Execution Possible in Web Interface 5.5 | AdminLTE | CWE-94 | 7.6 | High | 2021-08-04 |
| CVE-2021-29448 | Stored DOM XSS in Pi-hole Admin Web Interface | AdminLTE | CWE-79 | 7.6 | High | 2021-04-15 |
| CVE-2021-29449 | Multiple Privilege Escalation Vulnerabilities Pihole | pi-hole | CWE-269 | 6.3 | Medium | 2021-04-14 |

This page lists every published CVE security advisory associated with pi-hole. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.