Pi-hole Latest Vulnerabilities

Arbitrary Command Execution Vulnerability in Pi-hole FTL

CVE-2026-39849

Pi-holeFtl8.7HIGH

Remote Code Execution Vulnerability in Pi-hole FTL Engine

CVE-2026-35521

Pi-holeFtl8.8HIGH

Remote Code Execution in Pi-hole's FTL Engine

CVE-2026-35520

Pi-holeFtl8.8HIGH

Remote Code Execution Vulnerability in Pi-hole FTL Engine

CVE-2026-35519

Pi-holeFtl8.8HIGH

Remote Code Execution Vulnerability in Pi-hole FTL Engine

CVE-2026-35518

Pi-holeFtl8.8HIGH

Remote Code Execution Vulnerability in Pi-hole FTL by Pi-hole

CVE-2026-35517

Pi-holeFtl8.8HIGH

API Authorization Bypass in Pi-hole's FTL by Pi-hole

CVE-2026-35491

Pi-holeFtl6.1MEDIUM

Stored HTML Injection in Pi-hole Admin Interface Affects Network-level Ad Blocker

CVE-2026-33405

Pi-holeWeb3.1LOW

Local Privilege Escalation in Pi-hole by Pi-hole Developers

CVE-2026-33727

Pi-holePi-hole6.4MEDIUM

HTML Attribute Injection in Pi-hole Admin Interface for Pi-hole

CVE-2026-33406

Pi-holeWeb5.4MEDIUM

Web Interface Vulnerability in Pi-hole Admin Interface by Pi-hole

CVE-2026-33404

Pi-holeWeb3.4LOW

Reflected DOM-based XSS in Pi-hole Admin Interface Affects Pi-hole

CVE-2026-33403

Pi-holeWeb6.1MEDIUM

OS Command Injection Vulnerability in Pi-hole Admin Interface by Pi-hole

CVE-2026-33765

Pi-holeWeb8.9HIGH

Stored HTML Injection Vulnerability in Pi-hole Admin Interface by Pi-hole

CVE-2026-26953

Pi-holeWeb5.4MEDIUM

Stored HTML Injection Vulnerability in Pi-hole Admin Interface

CVE-2026-26952

Pi-holeWeb5.4MEDIUM

CRLF Injection Vulnerability in Pi-hole Admin Interface by Pi-hole

CVE-2025-59151

Pi-holeWeb8.2HIGH

Reflected XSS Vulnerability in Pi-hole Admin Interface by Pi-hole

CVE-2025-53533

Pi-holeWeb👾🟡5.1MEDIUM

XSS Vulnerability in Pi-hole Admin Interface by Pi-hole

CVE-2025-32785

Pi-holeWeb2LOW

Authenticated Command Injection in Pi-hole by Pi-hole

CVE-2025-34087

Pi-hole LlcWeb👾🟡EPSS 69%9CRITICAL

Pi-hole Before 6 Allows Unauthorized Temperature Unit Changes

CVE-2024-44069

Pi-holePi-hole7.5HIGH

Pi-hole vulnerability allows remote command execution

CVE-2024-34361

Pi-holePi-hole👾🟡EPSS 58%8.6HIGH

Pi-hole Vulnerability Allows Reading of Internal Server Files

CVE-2024-28247

Pi-holePi-hole👾🟡7.6HIGH

Improper session handling of "Remember me for 7 days" functionality

CVE-2023-23614

Pi-holeAdminlte8.8HIGH

Pi-Hole/AdminLTE vulnerable due to improper access control in queryads endpoint

CVE-2022-23513

Pi-holeAdminlte5.3MEDIUM

Authenticated XSS in Pi-hole AdminLTE

CVE-2022-31029

Pi-holeAdminlte5.9MEDIUM

Vulnerability Published:

Sort By:

5 May 2026

Arbitrary Command Execution Vulnerability in Pi-hole FTL

7 April 2026

Remote Code Execution Vulnerability in Pi-hole FTL Engine

Remote Code Execution in Pi-hole's FTL Engine

Remote Code Execution Vulnerability in Pi-hole FTL Engine

Remote Code Execution Vulnerability in Pi-hole FTL Engine

Remote Code Execution Vulnerability in Pi-hole FTL by Pi-hole

API Authorization Bypass in Pi-hole's FTL by Pi-hole

6 April 2026

Stored HTML Injection in Pi-hole Admin Interface Affects Network-level Ad Blocker

Local Privilege Escalation in Pi-hole by Pi-hole Developers

HTML Attribute Injection in Pi-hole Admin Interface for Pi-hole

Web Interface Vulnerability in Pi-hole Admin Interface by Pi-hole

Reflected DOM-based XSS in Pi-hole Admin Interface Affects Pi-hole

27 March 2026

OS Command Injection Vulnerability in Pi-hole Admin Interface by Pi-hole

19 February 2026

Stored HTML Injection Vulnerability in Pi-hole Admin Interface by Pi-hole

Stored HTML Injection Vulnerability in Pi-hole Admin Interface

27 October 2025

CRLF Injection Vulnerability in Pi-hole Admin Interface by Pi-hole

Reflected XSS Vulnerability in Pi-hole Admin Interface by Pi-hole

XSS Vulnerability in Pi-hole Admin Interface by Pi-hole

3 July 2025

Authenticated Command Injection in Pi-hole by Pi-hole

19 August 2024

Pi-hole Before 6 Allows Unauthorized Temperature Unit Changes

5 July 2024

Pi-hole vulnerability allows remote command execution

27 March 2024

Pi-hole Vulnerability Allows Reading of Internal Server Files

26 January 2023

Improper session handling of "Remember me for 7 days" functionality

23 December 2022

Pi-Hole/AdminLTE vulnerable due to improper access control in queryads endpoint

7 July 2022

Authenticated XSS in Pi-hole AdminLTE