Plataforma
linux
Componente
pi-hole-ftl
Corrigido em
6.0.1
CVE-2026-35520 is a Remote Code Execution (RCE) vulnerability discovered in the Pi-hole FTL (FTLDNS) component. This flaw allows an authenticated attacker to inject malicious configuration directives, potentially leading to complete system compromise. The vulnerability affects versions 6.0.0 through 6.5 and has been resolved in version 6.6.0.
The impact of CVE-2026-35520 is significant. Successful exploitation allows an attacker to execute arbitrary commands on the underlying Linux system hosting the Pi-hole instance. This could lead to data theft, system takeover, and potential lateral movement within the network. The ability to inject dnsmasq configuration directives provides a powerful attack vector, bypassing typical security controls. While authentication is required, a compromised user account or weak credentials could provide access to exploit this vulnerability. This is similar to other DNS server configuration vulnerabilities where malicious directives can be injected to manipulate DNS resolution and potentially redirect traffic to attacker-controlled servers.
CVE-2026-35520 was publicly disclosed on 2026-04-07. Currently, there is no indication of active exploitation in the wild. The vulnerability is not listed on the CISA KEV catalog as of this writing. Public proof-of-concept exploits are not yet widely available, but the vulnerability's nature suggests it could be relatively easy to exploit once a PoC is released.
Organizations running Pi-hole with versions 6.0.0 through 6.5 are at risk. This includes home users, small businesses, and larger organizations utilizing Pi-hole for ad blocking and DNS filtering. Shared hosting environments where Pi-hole is installed are particularly vulnerable due to the potential for compromised user accounts to be leveraged for exploitation.
• linux / server:
journalctl -u pihole-FTL | grep dhcp.leaseTime• linux / server:
ps aux | grep -i dnsmasq• linux / server:
cat /etc/dnsmasq.conf | grep -i dhcp.leaseTimedisclosure
Status do Exploit
EPSS
0.23% (percentil 45%)
CISA SSVC
Vetor CVSS
The primary mitigation for CVE-2026-35520 is to upgrade Pi-hole FTL to version 6.6.0 or later. If an immediate upgrade is not feasible, consider temporarily restricting access to the DHCP lease time configuration parameter within the Pi-hole web interface. Review user accounts and enforce strong password policies to minimize the risk of unauthorized access. Monitor system logs for unusual activity related to dnsmasq configuration changes. While a WAF is unlikely to directly mitigate this, monitoring for unusual DNS query patterns could provide an early warning sign of exploitation. After upgrading, confirm the fix by verifying the FTL version and attempting to access the DHCP lease time configuration parameter, ensuring it is properly restricted.
Actualice Pi-hole FTL a la versión 6.6 o superior para mitigar la vulnerabilidad de ejecución remota de código. La actualización se puede realizar a través del panel de control de Pi-hole o mediante la actualización manual del paquete FTLDNS.
Análise de vulnerabilidades e alertas críticos diretamente no seu e-mail.
CVE-2026-35520 is a Remote Code Execution vulnerability in Pi-hole FTL, allowing authenticated attackers to execute commands on the system. It affects versions 6.0.0 through 6.5.
You are affected if you are running Pi-hole FTL versions 6.0.0 through 6.5. Upgrade to 6.6.0 or later to mitigate the risk.
Upgrade Pi-hole FTL to version 6.6.0 or later. Temporarily restrict access to the DHCP lease time configuration parameter as a workaround.
There is currently no evidence of active exploitation in the wild, but the vulnerability's nature suggests it could be exploited once a proof-of-concept is released.
Refer to the official Pi-hole security advisory on their website for detailed information and updates: [https://pi-hole.net/security/](https://pi-hole.net/security/)
Envie seu arquivo de dependências e descubra na hora se esta e outras CVEs te atingem.