Code Execution Vulnerability in Pi-hole DNS Sinkhole
CVE-2026-50130
8.8HIGH
What is CVE-2026-50130?
A security flaw in Pi-hole versions 6.0 to 6.4.2 allows an unprivileged user to escalate privileges to root by maliciously modifying the /etc/pihole/logrotate file. This occurs due to improper handling during the execution of the daily pihole flush cron job, which processes files under the root user context, potentially leading to the execution of unauthorized commands. The issue has been resolved in version 6.4.3.
Affected Version(s)
pi-hole >= 6.0.0, < 6.4.3
