Exploit for CVE-2026-35517

CVE-2026-35517 - Pi-hole FTLDNS Remote Code Execution via Newl...

CVE-2026-35518

FTLDNS pihole-FTL provides an interactive API and also generates statistics for Pi-hole's Web interface. From 6.0 to before 6.6, the Pi-hole FTL engine contains a Remote Code Execution RCE vulnerability in the DNS CNAME records configuration parameter dns.cnameRecords. This vulnerability allows a...

CVE-2026-35518

Pi-hole FTL (FTLDNS) from 6.0 up to before 6.6 is vulnerable to Remote Code Execution via newline injection in the DNS CNAME records configuration parameter (dns.cnameRecords). An authenticated attacker can inject arbitrary dnsmasq directives, enabling command execution on the host. The issue is ...

FTL 注入漏洞

FTL is an open-source network advertising interception and statistics tool developed by Pi-hole. Versions of FTLDNS from 6.0 to 6.6 had a injection vulnerability. This vulnerability stemmed from configuration parameters of DHCP hosts, allowing authenticated attackers to inject arbitrary dnsmasq...

PT-2026-30865

Name of the Vulnerable Software and Affected Versions FTLDNS pihole-FTL versions 6.0 through 6.5 Description The Pi-hole FTL engine contains a Remote Code Execution RCE issue in the upstream DNS servers configuration parameter dns.upstreams. An authenticated attacker can inject arbitrary dnsmasq...

EUVD-2021-28278

Malicious code in bioql PyPI...

CVE-2021-41175

Pi-hole's Web interface based on AdminLTE provides a central location to manage one's Pi-hole and review the statistics generated by FTLDNS. Prior to version 5.8, cross-site scripting is possible when adding a client via the groups-clients management page. This issue was patched in version 5.8...