Pi-hole

Ftldns

8 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
8.8

CVE-2026-39849

Medienbericht Exploit
  • EPSS 0.96%
  • Veröffentlicht 05.05.2026 21:16:22
  • Zuletzt bearbeitet 12.05.2026 16:27:27

Pi-hole FTL is the core engine of the Pi-hole network-level advertisement and tracker blocker. In versions before 6.6.1, the `dns.interface` configuration field in Pi-hole FTL accepted newline characters without validation, allowing an attacker to in...

8.8

CVE-2026-35521

Exploit
  • EPSS 0.69%
  • Veröffentlicht 07.04.2026 15:20:26
  • Zuletzt bearbeitet 28.04.2026 20:24:49

FTLDNS (pihole-FTL) provides an interactive API and also generates statistics for Pi-hole's Web interface. From 6.0 to before 6.6, the Pi-hole FTL engine contains a Remote Code Execution (RCE) vulnerability in the DHCP hosts configuration parameter (...

8.8

CVE-2026-35520

Exploit
  • EPSS 0.7%
  • Veröffentlicht 07.04.2026 15:19:21
  • Zuletzt bearbeitet 28.04.2026 20:28:50

FTLDNS (pihole-FTL) provides an interactive API and also generates statistics for Pi-hole's Web interface. From 6.0 to before 6.6, the Pi-hole FTL engine contains a Remote Code Execution (RCE) vulnerability in the DHCP lease time configuration parame...

8.8

CVE-2026-35519

  • EPSS 0.54%
  • Veröffentlicht 07.04.2026 15:18:27
  • Zuletzt bearbeitet 28.04.2026 20:31:48

FTLDNS (pihole-FTL) provides an interactive API and also generates statistics for Pi-hole's Web interface. From 6.0 to before 6.6, the Pi-hole FTL engine contains a Remote Code Execution (RCE) vulnerability in the DNS host record configuration parame...

8.8

CVE-2026-35518

Exploit
  • EPSS 0.69%
  • Veröffentlicht 07.04.2026 15:17:39
  • Zuletzt bearbeitet 28.04.2026 20:35:34

FTLDNS (pihole-FTL) provides an interactive API and also generates statistics for Pi-hole's Web interface. From 6.0 to before 6.6, the Pi-hole FTL engine contains a Remote Code Execution (RCE) vulnerability in the DNS CNAME records configuration para...

8.8

CVE-2026-35517

Exploit
  • EPSS 0.86%
  • Veröffentlicht 07.04.2026 15:16:02
  • Zuletzt bearbeitet 28.04.2026 20:36:11

FTLDNS (pihole-FTL) provides an interactive API and also generates statistics for Pi-hole's Web interface. From 6.0 to before 6.6, the Pi-hole FTL engine contains a Remote Code Execution (RCE) vulnerability in the upstream DNS servers configuration p...

6.1

CVE-2026-35491

Exploit
  • EPSS 0.16%
  • Veröffentlicht 07.04.2026 15:00:11
  • Zuletzt bearbeitet 17.04.2026 19:47:02

FTLDNS (pihole-FTL) provides an interactive API and also generates statistics for Pi-hole's Web interface. From 6.0 to before 6.6, Pi-hole FTL supports a CLI password feature (webserver.api.cli_pw) that creates “CLI” API sessions intended to be read-...

8.8

CVE-2021-29448

Exploit
  • EPSS 0.67%
  • Veröffentlicht 15.04.2021 16:15:14
  • Zuletzt bearbeitet 21.11.2024 06:01:07

Pi-hole is a Linux network-level advertisement and Internet tracker blocking application. The Stored XSS exists in the Pi-hole Admin portal, which can be exploited by the malicious actor with the network access to DNS server. See the referenced GitHu...