Platform: linux
Component: pi-hole
Fixed in: 6.4.1
CVE-2026-33727 is a local privilege escalation vulnerability in Pi-hole, a network-level advertisement and tracker blocking application. It allows code execution as root from the low-privilege pihole account, even though that account is configured with nologin. The vulnerability affects version 6.4 and is resolved in version 6.4.1.
CVE-2026-33727 affects Pi-hole version 6.4 and enables local privilege escalation. The 'pihole' account is configured with 'nologin', which prevents direct interactive logins, but the vulnerability allows code execution as root once a Pi-hole component has been compromised. This matters most in post-compromise scenarios, where an attacker could use the 'pihole' account's privileges to place malicious content in the root directory and have it executed as root. The CVSS score is 6.4, indicating moderate severity. The CVE is not listed in CISA's KEV (Known Exploited Vulnerabilities) catalog, so no in-the-wild exploitation has been recorded there.
Exploitation requires an attacker to have already compromised a Pi-hole component. The 'nologin' configuration of the 'pihole' account makes direct exploitation harder, but not impossible: an attacker could compromise a script or service running under the 'pihole' account and inject malicious code there. That code, once executed with root privileges, gives the attacker control of the system. Attacker-controlled content in the root directory is the key precondition for exploitation.
Exploit Status
EPSS: 0.01% (3rd percentile)
CISA SSVC
CVSS Vector
The primary mitigation is to update Pi-hole to version 6.4.1 or later, which contains the fix for this privilege escalation. Beyond that, review and strengthen general system security: monitor system activity, apply security patches to the rest of the operating system, and use a firewall to limit access to Pi-hole. Keeping every Pi-hole component updated and securely configured minimizes the attack surface, and regular audits of the Pi-hole configuration are good practice.
Update Pi-hole to version 6.4.1 or later to mitigate the privilege escalation vulnerability. The update corrects how Pi-hole handles content in /etc/pihole/versions, preventing unauthorized code execution with root privileges.
It means the 'pihole' account cannot be used to log in interactively, but processes can still run under that account and with its privileges.
Yes, it is highly recommended. Updating to version 6.4.1 corrects the vulnerability and prevents potential future attacks.
Ensure your operating system is up-to-date, use strong passwords, and consider implementing a firewall.
KEV refers to CISA's Known Exploited Vulnerabilities catalog, a list of CVEs with confirmed exploitation in the wild. Absence from the KEV catalog doesn't mean the vulnerability isn't real; it means no exploitation has been recorded there yet.
You can verify your Pi-hole version by accessing the web administration interface or running the command pihole -v in the terminal.
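As an added example (not Pi-hole project code), the shell functions below parse a pihole -v style report, decide whether the installed Core version falls in the affected range this advisory names (6.4, fixed in 6.4.1), and print a verdict. The output format of pihole -v is assumed and the sample report is constructed.

```shell
#!/bin/sh
# Added example, not Pi-hole project code. Decides from a `pihole -v` style
# report whether the installed Core version is in the range this advisory
# names (6.4 affected, fixed in 6.4.1). The report format is assumed.

# norm_version V: strip a leading "v" and any suffix, pad to x.y.z (6.4 -> 6.4.0).
norm_version() {
    v=$(printf '%s' "$1" | sed -e 's/^v//' -e 's/[^0-9.].*$//')
    set -- $(printf '%s' "$v" | tr '.' ' ')
    printf '%d.%d.%d' "${1:-0}" "${2:-0}" "${3:-0}"
}

# version_lt A B: succeed when A < B, comparing numeric fields (so 6.10 > 6.9).
version_lt() {
    a=$(norm_version "$1"); b=$(norm_version "$2")
    [ "$a" = "$b" ] && return 1
    lo=$(printf '%s\n%s\n' "$a" "$b" | sort -t. -k1,1n -k2,2n -k3,3n | head -n1)
    [ "$lo" = "$a" ]
}

# is_affected V: succeed when 6.4.0 <= V < 6.4.1, the advisory's affected range.
is_affected() {
    ! version_lt "$1" 6.4.0 && version_lt "$1" 6.4.1
}

# core_version_from_report TEXT: first version-looking token on the "Core" line.
core_version_from_report() {
    printf '%s\n' "$1" | awk '/^Core/ {
        for (i = 1; i <= NF; i++)
            if ($i ~ /^v?[0-9]+(\.[0-9]+)+$/) { print $i; exit }
    }'
}

# check_report TEXT: print a verdict; exit 0 = affected, 1 = not, 2 = unparsable.
check_report() {
    ver=$(core_version_from_report "$1")
    [ -n "$ver" ] || { echo "no Core version found in report"; return 2; }
    if is_affected "$ver"; then
        echo "Core $ver is affected by CVE-2026-33727: update to 6.4.1 or later"
        return 0
    fi
    echo "Core $ver is outside the affected range"
    return 1
}

# Constructed sample in the assumed `pihole -v` shape (replace with: pihole -v).
SAMPLE_REPORT='Core version is v6.4 (Latest: v6.4.1)
Web version is v6.4 (Latest: v6.4.1)
FTL version is v6.4 (Latest: v6.4.1)'

check_report "$SAMPLE_REPORT"
```

On a live host, feed the real output with check_report "$(pihole -v)" instead of the constructed sample.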