CVE-2026-41489

Medienbericht

EPSS 0.13%
Veröffentlicht 11.05.2026 20:21:38
Zuletzt bearbeitet 13.05.2026 16:16:45
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

Pi-hole: Local privilege escalation via config-controlled path in root-executed service hooks

Pi-hole is a DNS sinkhole that protects devices from unwanted content without installing any client-side software. From 6.0 to before Core 6.4.2 and FTL 6.6.1, two shell scripts executed as root by systemd (pihole-FTL-prestart.sh and pihole-FTL-poststop.sh) read the files.pid path from this config without validation and use it in privileged file operations (install and rm -f). By writing an arbitrary path into files.pid, an attacker with pihole privilege can cause root to delete and then recreate any file on the system outside the ProtectSystem=full-restricted directories, gaining write access to it. On a default Pi-hole installation this yields local privilege escalation to root via SSH authorized keys manipulation. If /root/.ssh/authorized_keys does not exist (default on fresh installs), only ExecStartPre is required. If the file exists, ExecStopPost deletes it first, and the same restart triggers both hooks in sequence. This vulnerability is fixed in Core 6.4.2 and FTL 6.6.1.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 3 Referenzen 5

CNA 1 VulnDex Vulnerability Enrichment 1

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

Herstellerpi-hole

≫

Produkt pi-hole

Version >= 6.0, < 6.4.2

Status affected

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.13%	0.03

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
security-advisories@github.com	8.8	2	6	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

CWE-15 External Control of System or Configuration Setting

One or more system settings or configuration elements can be externally controlled by a user.

CWE-269 Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

CWE-732 Incorrect Permission Assignment for Critical Resource

The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.

Für Zugriff zu Vulnerability Intelligence ist ein VulnDex Zugang erforderlich.

VulnDex Intel

Media Report

12.05.2026 12:19

https://github.com/pi-hole/pi-hole/security/advisories/GHSA-6w8x-p785-6pm4

https://nvd.nist.gov/vuln/detail/CVE-2026-41489

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-41489

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-41489

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2026-41489