Platform
linux
Component
pi-hole
Fixed in
6.6.0
CVE-2026-35521 is a remote code execution (RCE) vulnerability in the Pi-hole FTL engine (FTLDNS), in its handling of the `dhcp.hosts` configuration parameter. An authenticated attacker can use this parameter to inject arbitrary dnsmasq configuration directives, which leads to command execution on the host. The flaw affects Pi-hole FTL versions 6.0.0 through 6.5.x and is fixed in 6.6.0.
The `dhcp.hosts` values are written into the dnsmasq configuration that FTL generates. Because embedded newline characters were not rejected, an attacker can terminate the intended `dhcp-host` entry and append directives of their own choosing. dnsmasq provides directives that make it run external programs and load further configuration, so control over the generated configuration becomes code execution on the system running Pi-hole. Affected: Pi-hole FTL from 6.0 up to, but not including, 6.6. A successful attacker can take control of the host, read any data it holds (including DNS query history) and disrupt name resolution and DHCP for the network it serves. The CVSS base score is 8.8 (High). Exploitation requires authentication, but the impact once authenticated is complete.
Exploitation requires an authenticated session with permission to change Pi-hole's configuration through the web interface or REST API: a malicious administrator, or an attacker holding a stolen or guessed admin password or a hijacked session. The attacker submits a `dhcp.hosts` entry containing newline characters; the text after each newline is emitted into the generated dnsmasq configuration as a separate directive, bypassing the per-entry validation that only looked at the intended `dhcp-host` syntax. Attack complexity is low: no race, no special configuration and no user interaction beyond the login is needed. The impact is full control of the host.
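The following is an added example, not Pi-hole FTL's own code (FTL's generator is C and is not reproduced here). It models the pattern the advisory describes: a `dhcp.hosts` entry is rendered verbatim into a `dhcp-host=` line, so an embedded newline lets the caller append a directive of their own. The vulnerable renderer is shown beside a hardened one that rejects line breaks. The entries are constructed samples, and the injected directive (`log-queries`) is deliberately harmless; the advisory's point is that any dnsmasq directive can be placed this way.

```python
import re

# Constructed samples (not from any real deployment). A dhcp.hosts entry
# follows dnsmasq's dhcp-host syntax: MAC,IP,hostname.
BENIGN_ENTRY = "aa:bb:cc:dd:ee:01,192.168.1.10,printer"

# The newline ends the dhcp-host line; dnsmasq reads what follows as its own
# directive. `log-queries` stands in as a harmless marker; the advisory's
# point is that any directive can be smuggled in this way.
INJECTED_ENTRY = "aa:bb:cc:dd:ee:02,192.168.1.11,evil\nlog-queries"

# A dnsmasq directive line: name, optionally =value.
DIRECTIVE_RE = re.compile(r"^([a-z][a-z0-9-]*)(?:=(.*))?$")


def render_dhcp_hosts_unsafe(entries):
    """Vulnerable pattern: one dhcp-host= line per entry, value copied
    verbatim. Models the pre-fix behaviour the advisory describes."""
    return "".join(f"dhcp-host={entry}\n" for entry in entries)


def validate_dhcp_host(entry):
    """Hardened pattern: an entry is exactly one line of text. Rejecting
    CR, LF and NUL closes the line break-out; the value is then trimmed
    and must be non-empty."""
    if any(ch in entry for ch in "\r\n\x00"):
        raise ValueError("dhcp.hosts entry must not contain line breaks or NUL")
    entry = entry.strip()
    if not entry:
        raise ValueError("dhcp.hosts entry must not be empty")
    return entry


def render_dhcp_hosts_safe(entries):
    """Same rendering, but every entry passes validation first."""
    return "".join(f"dhcp-host={validate_dhcp_host(e)}\n" for e in entries)


def parse_directives(config_text):
    """Read generated config the way dnsmasq does: one directive per line,
    blank lines and # comments ignored. Returns [(name, value_or_None), ...]."""
    directives = []
    for line in config_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = DIRECTIVE_RE.match(line)
        if m:
            directives.append((m.group(1), m.group(2)))
    return directives


def injected_directives(entries):
    """Directives dnsmasq would see that are not the dhcp-host lines the
    operator intended: the injection surface of the vulnerable renderer."""
    return [d for d in parse_directives(render_dhcp_hosts_unsafe(entries))
            if d[0] != "dhcp-host"]


def hardened_rejects(entries):
    """True when the hardened renderer refuses the batch."""
    try:
        render_dhcp_hosts_safe(entries)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    print(render_dhcp_hosts_unsafe([BENIGN_ENTRY, INJECTED_ENTRY]))
    print("injected:", injected_directives([BENIGN_ENTRY, INJECTED_ENTRY]))
    print("hardened rejects:", hardened_rejects([BENIGN_ENTRY, INJECTED_ENTRY]))
```

The hardened validator rejects rather than strips line breaks: silently dropping the tail would hide the attempt, while a hard error surfaces it in the API response and the logs.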
Exploit Status
EPSS
0.29% (53rd percentile)
CISA SSVC
The fix is to update Pi-hole FTL to version 6.6 or later, which rejects `dhcp.hosts` values that would break out of their line in the generated dnsmasq configuration; update to the current stable release. After updating, review the `dhcp.hosts` entries and the dnsmasq configuration FTL generates from them for directives you did not create, and check Pi-hole's logs and the web interface/API access records for configuration changes you did not make. Because exploitation requires an administrator credential, treat a malicious entry as evidence of a compromised admin account: rotate the password and investigate the host, since the attacker may already have executed code on it. Updating is the only measure that removes the vulnerability.
Update Pi-hole to version 6.6 or later to mitigate the remote code execution vulnerability. The update fixes the newline injection in the DHCP hosts configuration, preventing execution of arbitrary commands on the system.
Pi-hole is an open-source DNS sinkhole and ad blocker.
If you run Pi-hole FTL 6.0 or later but earlier than 6.6 (6.0.0 through 6.5.x), you are affected. Check the FTL version in the web interface or with `pihole -v` on the host.
If you cannot update immediately, reduce the chance that the authentication prerequisite is met: restrict access to the web interface and API to administrative hosts (never expose it to the internet), use a strong, unique admin password, and watch the `dhcp.hosts` setting and the logs for changes you did not make. These steps limit exposure but do not remove the flaw.
There is no dedicated scanner for this flaw, but exploitation leaves traces worth checking: the `dhcp.hosts` setting itself (an entry containing newline characters has no legitimate reason to exist) and the dnsmasq configuration FTL generates from it (directives you did not add, especially ones that run programs or include other files). Configuration changes pass through the authenticated web interface or REST API, so its access logs show who changed what and when.
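As an added example serving both the configuration review recommended above and this detection note (not a Pi-hole tool), the script below audits a Pi-hole v6 configuration for the two traces named above. It assumes the v6 layout of `/etc/pihole/pihole.toml` with a `[dhcp]` section holding `hosts = [...]`, and a generated dnsmasq configuration (assumed path `/etc/pihole/dnsmasq.conf`); both file contents are constructed samples embedded inline, and the list of "sensitive" dnsmasq directives is a selection made for this example, so verify all three against your own install.

```python
import re

# Constructed sample of the [dhcp] section of /etc/pihole/pihole.toml (path and
# layout are assumptions, check your install). The second entry carries a
# TOML "\n" escape, i.e. a real newline in the value.
SAMPLE_PIHOLE_TOML = '''
[dns]
  upstreams = [ "127.0.0.1#5335" ]

[dhcp]
  active = true
  hosts = [
    "aa:bb:cc:dd:ee:01,192.168.1.10,printer",
    "aa:bb:cc:dd:ee:02,192.168.1.11,evil\\nlog-queries"
  ]
'''

# Constructed sample of the dnsmasq configuration FTL generates from it
# (assumed path /etc/pihole/dnsmasq.conf). The lines after the second
# dhcp-host entry are what an injected entry would have produced.
SAMPLE_DNSMASQ_CONF = '''
# generated by FTL (constructed sample)
dhcp-range=192.168.1.100,192.168.1.200,24h
dhcp-host=aa:bb:cc:dd:ee:01,192.168.1.10,printer
dhcp-host=aa:bb:cc:dd:ee:02,192.168.1.11,evil
log-queries
dhcp-script=/tmp/example.sh
'''

# dnsmasq directives that execute programs or pull in further configuration.
# A hit is a review item, not proof of compromise: Pi-hole itself may set some
# of these legitimately, so compare against a known-good installation.
SENSITIVE_DIRECTIVES = {
    "dhcp-script", "dhcp-luascript", "conf-file", "conf-dir", "servers-file",
    "addn-hosts", "hostsdir", "dhcp-hostsfile", "dhcp-hostsdir",
    "dhcp-optsfile", "dhcp-optsdir",
}

_STRING_RE = re.compile(r'"((?:[^"\\]|\\.)*)"')


def dhcp_hosts_entries(toml_text):
    """Raw (still escaped) string items of `hosts = [...]` under [dhcp].
    A targeted regex rather than a TOML parser, so the escape sequences an
    attacker relied on stay visible in the finding."""
    section = re.search(r"^\[dhcp\]\s*$(.*?)(?=^\[|\Z)", toml_text, re.M | re.S)
    if not section:
        return []
    array = re.search(r"^\s*hosts\s*=\s*\[(.*?)\]", section.group(1), re.M | re.S)
    if not array:
        return []
    return _STRING_RE.findall(array.group(1))


def entry_lines(raw):
    """Decode the line-break escapes (\\n, \\r) and split into the lines
    dnsmasq would actually see."""
    value = raw.replace("\\r", "\r").replace("\\n", "\n")
    return [ln.strip() for ln in value.splitlines() if ln.strip()]


def config_directives(conf_text):
    """(name, raw_line) for every non-comment line of a dnsmasq config."""
    out = []
    for line in conf_text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            out.append((line.split("=", 1)[0], line))
    return out


def audit(toml_text, conf_text):
    """Return a list of (finding, detail) tuples; an empty list means clean."""
    findings = []
    tails = []  # lines after the first in a multi-line entry = injected directives
    for raw in dhcp_hosts_entries(toml_text):
        lines = entry_lines(raw)
        if len(lines) > 1:
            findings.append(("dhcp.hosts entry spans multiple lines", raw))
            tails.extend(lines[1:])
    for name, line in config_directives(conf_text):
        if line in tails:
            findings.append(("directive originating from dhcp.hosts", line))
        if name in SENSITIVE_DIRECTIVES:
            findings.append(("sensitive dnsmasq directive", line))
    return findings


if __name__ == "__main__":
    for finding, detail in audit(SAMPLE_PIHOLE_TOML, SAMPLE_DNSMASQ_CONF):
        print(f"{finding}: {detail!r}")
```

To run it against a live system, replace the two sample strings with the contents of the real files (read as root) and review every finding against a known-good installation before drawing conclusions: the sensitive-directive list in particular will match entries Pi-hole sets on purpose.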
A CVSS base score of 8.8 falls in the High band. Read together with the details above (reachable over the network, low attack complexity, authentication required, high impact on confidentiality, integrity and availability), it means the only barrier between an attacker and the host is one valid administrator login.
CVSS Vector