Product
pi hole pi hole
42 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2026-39849
all versions
Pi-hole FTL is the core engine of the Pi-hole network-level advertisement and tracker blocker. In versions before 6.6.1, the `dns.
8.8
HIGH
CVE-2026-35521
>= 6.0 and <= 6.5
FTLDNS (pihole-FTL) provides an interactive API and also generates statistics for Pi-hole's Web interface. From 6.0 to before 6.6,
8.8
HIGH
CVE-2026-35520
>= 6.0 and <= 6.5
FTLDNS (pihole-FTL) provides an interactive API and also generates statistics for Pi-hole's Web interface. From 6.0 to before 6.6,
8.8
HIGH
CVE-2026-35519
>= 6.0 and <= 6.5
FTLDNS (pihole-FTL) provides an interactive API and also generates statistics for Pi-hole's Web interface. From 6.0 to before 6.6,
8.8
HIGH
CVE-2026-35518
>= 6.0 and <= 6.5
FTLDNS (pihole-FTL) provides an interactive API and also generates statistics for Pi-hole's Web interface. From 6.0 to before 6.6,
8.8
HIGH
CVE-2026-35517
>= 6.0 and <= 6.5
FTLDNS (pihole-FTL) provides an interactive API and also generates statistics for Pi-hole's Web interface. From 6.0 to before 6.6,
8.8
HIGH
CVE-2026-35491
>= 6.0 and < 6.6
FTLDNS (pihole-FTL) provides an interactive API and also generates statistics for Pi-hole's Web interface. From 6.0 to before 6.6,
6.1
MEDIUM
CVE-2026-33727
all versions
Pi-hole is a Linux network-level advertisement and Internet tracker blocking application. Version 6.4 has a local privilege-escala
6.4
MEDIUM
CVE-2026-33405
>= 6.0 and <= 6.4.1
Pi-hole Admin Interface is a web interface for managing Pi-hole, a network-level ad and internet tracker blocking application. Fro
3.1
LOW
CVE-2026-33406
>= 6.0 and <= 6.4.1
Pi-hole Admin Interface is a web interface for managing Pi-hole, a network-level ad and internet tracker blocking application. Fro
5.4
MEDIUM
CVE-2026-33404
>= 6.0 and <= 6.4.1
Pi-hole Admin Interface is a web interface for managing Pi-hole, a network-level ad and internet tracker blocking application. Fro
3.4
LOW
CVE-2026-33403
>= 6.0 and <= 6.4.1
Pi-hole Admin Interface is a web interface for managing Pi-hole, a network-level ad and internet tracker blocking application. Fro
6.1
MEDIUM
CVE-2026-33765
< 6.0
Pi-hole Admin Interface is a web interface for managing Pi-hole, a network-level ad and internet tracker blocking application. Ver
9.8
CRITICAL
CVE-2026-26953
>= 6.0 and < 6.4.1
Pi-hole Admin Interface is a web interface for managing Pi-hole, a network-level ad and internet tracker blocking application. Ve
5.4
MEDIUM
CVE-2026-26952
< 6.4.1
Pi-hole Admin Interface is a web interface for managing Pi-hole, a network-level ad and internet tracker blocking application. Ver
5.4
MEDIUM
CVE-2025-59151
< 6.3
Pi-hole Admin Interface is a web interface for managing Pi-hole, a network-level advertisement and internet tracker blocking appli
8.2
HIGH
CVE-2025-53533
< 6.3
Pi-hole Admin Interface is a web interface for managing Pi-hole, a network-level advertisement and internet tracker blocking appli
6.1
MEDIUM
CVE-2025-32785
< 6.3
Pi-hole Admin Interface is a web interface for managing Pi-hole, a network-level advertisement and internet tracker blocking appli
5.4
MEDIUM
CVE-2025-34087
<= 3.3
An authenticated command injection vulnerability exists in Pi-hole versions up to 3.3. When adding a domain to the allowlist via t
8.8
HIGH
CVE-2024-44069
< 6.0
Pi-hole before 6 allows unauthenticated admin/api.php?setTempUnit= calls to change the temperature units of the web dashboard. NOT
7.5
HIGH
CVE-2024-34361
< 5.18.3
Pi-hole is a DNS sinkhole that protects devices from unwanted content without installing any client-side software. A vulnerability
8.5
HIGH
CVE-2024-28247
< 5.18
The Pi-hole is a DNS sinkhole that protects your devices from unwanted content without installing any client-side software. A vuln
7.6
HIGH
CVE-2023-23614
>= 4.0 and < 5.18.3
Pi-hole®'s Web interface (based off of AdminLTE) provides a central location to manage your Pi-hole. Versions 4.0 and above, prio
8.8
HIGH
CVE-2022-23513
<= 5.17
Pi-Hole is a network-wide ad blocking via your own Linux hardware, AdminLTE is a Pi-hole Dashboard for stats and more. In case of
5.3
MEDIUM
CVE-2022-31029
< 5.13
AdminLTE is a Pi-hole Dashboard for stats and configuration. In affected versions inserting code like `<script>alert("XSS")</scrip
5.9
MEDIUM
CVE-2021-41175
< 5.8
Pi-hole's Web interface (based on AdminLTE) provides a central location to manage one's Pi-hole and review the statistics generate
7.3
HIGH
CVE-2021-3812
< 5.6
adminlte is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
6.1
MEDIUM
CVE-2021-3811
< 5.6
adminlte is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
6.1
MEDIUM
CVE-2021-3706
< 5.6
adminlte is vulnerable to Sensitive Cookie Without 'HttpOnly' Flag
7.5
HIGH
CVE-2021-32793
< 5.5.1
Pi-hole's Web interface provides a central location to manage a Pi-hole instance and review performance statistics. Prior to Pi-ho
5.7
MEDIUM
CVE-2021-32706
< 5.5.1
Pi-hole's Web interface provides a central location to manage a Pi-hole instance and review performance statistics. Prior to Pi-ho
7.6
HIGH
CVE-2021-29448
all versions
Pi-hole is a Linux network-level advertisement and Internet tracker blocking application. The Stored XSS exists in the Pi-hole Adm
7.6
HIGH
CVE-2021-29449
<= 5.2.4
Pi-hole is a Linux network-level advertisement and Internet tracker blocking application. Multiple privilege escalation vulnerabil
6.3
MEDIUM
CVE-2020-35592
all versions
Pi-hole 5.0, 5.1, and 5.1.1 allows XSS via the Options header to the admin/ URI. A remote user is able to inject arbitrary web scr
5.4
MEDIUM
CVE-2020-35591
all versions
Pi-hole 5.0, 5.1, and 5.1.1 allows Session Fixation. The application does not generate a new session cookie after the user is logg
5.4
MEDIUM
CVE-2020-35659
< 5.2.2
The DNS query log in Pi-hole before 5.2.2 is vulnerable to stored XSS. An attacker with the ability to directly or indirectly quer
6.1
MEDIUM
CVE-2020-14162
< 5.1
An issue was discovered in Pi-Hole through 5.0. The local www-data user has sudo privileges to execute the pihole core script as r
7.8
HIGH
CVE-2020-12620
< 5.0
Pi-hole 4.4 allows a user able to write to /etc/pihole/dns-servers.conf to escalate privileges through command injection (shell me
7.8
HIGH
CVE-2020-14971
<= 5.0
Pi-hole through 5.0 allows code injection in piholedhcp (the Static DHCP Leases section) by modifying Teleporter backup files and
7.8
HIGH
CVE-2020-8816
<= 4.3.2
Pi-hole Web v4.3.2 (aka AdminLTE) allows Remote Code Execution by privileged dashboard users via a crafted DHCP static lease.
7.2
HIGH
CVE-2020-11108
<= 4.4
The Gravity updater in Pi-hole through 4.4 allows an authenticated adversary to upload arbitrary files. This can be abused for Rem
8.8
HIGH
CVE-2019-13051
all versions
Pi-Hole 4.3 allows Command Injection.
8.8
HIGH
threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin