Code Execution Vulnerability in Pi-hole DNS Sinkhole
CVE-2026-50130

8.8HIGH

Key Information:

Vendor

Pi-hole

Status
Vendor
CVE Published:
14 July 2026

What is CVE-2026-50130?

A security flaw in Pi-hole versions 6.0 to 6.4.2 allows an unprivileged user to escalate privileges to root by maliciously modifying the /etc/pihole/logrotate file. This occurs due to improper handling during the execution of the daily pihole flush cron job, which processes files under the root user context, potentially leading to the execution of unauthorized commands. The issue has been resolved in version 6.4.3.

Affected Version(s)

pi-hole >= 6.0.0, < 6.4.3

References

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.