CVE-2026-33727: Pi-hole Privilege Escalation (6.4)

Platform: linux

Component: pi-hole

Fixed in: 6.4.1

CVE-2026-33727 is a local privilege escalation vulnerability discovered in Pi-hole, a network-level advertisement and tracker blocking application. The flaw allows code execution as root from the low-privilege pihole account, even though that account is configured with nologin. The vulnerability affects versions >= 6.4 and < 6.4.1 and is resolved in version 6.4.1.

How to fix

Update Pi-hole to version 6.4.1 or later to mitigate the privilege escalation vulnerability. The update fixes how Pi-hole handles the content of /etc/pihole/versions, preventing malicious code from being executed as root.

Frequently asked questions

What is CVE-2026-33727?

CVE-2026-33727 is a privilege escalation vulnerability in Pi-hole versions >= 6.4, < 6.4.1. It allows an attacker who has already compromised a Pi-hole component to execute code as root by exploiting how Pi-hole scripts source content from /etc/pihole/versions.

Am I affected by CVE-2026-33727?

You are affected if you are running Pi-hole version 6.4 (and not 6.4.1). This vulnerability allows for privilege escalation, potentially leading to full system compromise.

How do I fix CVE-2026-33727?

Update Pi-hole to version 6.4.1 or later to resolve this vulnerability. This update addresses the issue by preventing the root-run Pi-hole scripts from executing attacker-controlled content.
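
As an added example (not Pi-hole's code and not its 6.4.1 patch), the shell functions below show the defensive pattern behind the issue described above: a versions-style file is audited and read as data instead of being sourced by a root-run script. The key names, file contents and the set of allowed value characters are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not Pi-hole code. File contents and key names are constructed.

# List lines that are anything other than blank or KEY=value built from inert
# characters. Returns 1 when at least one such line exists.
audit_versions_file() {
    # -v selects non-matching lines; grep exits 0 when it printed any
    if grep -nEv '^([A-Z_][A-Z0-9_]*=[A-Za-z0-9._-]*)?$' "$1"; then
        return 1
    fi
    return 0
}

# Fetch one key as plain text. The value is never evaluated by the shell.
read_version_key() {
    while IFS='=' read -r name value; do
        if [ "$name" = "$1" ]; then
            printf '%s\n' "$value"
            return 0
        fi
    done < "$2"
    return 1
}

# Constructed samples: one inert file, and one with a line a shell would
# execute if the file were sourced.
demo_dir=$(mktemp -d)
printf 'CORE_VERSION=v6.4\nCORE_BRANCH=master\n' > "$demo_dir/clean"
printf 'CORE_VERSION=v6.4\nCORE_BRANCH=$(echo constructed)\n' > "$demo_dir/tampered"

audit_versions_file "$demo_dir/clean" && echo "clean: only inert assignments"
audit_versions_file "$demo_dir/tampered" || echo "tampered: do not source"
# Prints the stored text; the command substitution is not run.
read_version_key CORE_BRANCH "$demo_dir/tampered"
```

On a host that cannot be upgraded immediately, the audit function can be pointed at /etc/pihole/versions to flag content that is not a plain assignment.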
