407 matches found
EUVD-2026-19711
FTLDNS pihole-FTL provides an interactive API and also generates statistics for Pi-hole's Web interface. From 6.0 to before 6.6, the Pi-hole FTL engine contains a Remote Code Execution RCE vulnerability in the DNS host record configuration parameter dns.hostRecord. This vulnerability allows an...
CVE-2026-35519
CVE-2026-35519 affects Pi-hole FTL (FTLDNS). From 6.0 up to before 6.6, an authenticated attacker could inject arbitrary dnsmasq directives into the dns.hostRecord parameter via newline characters, leading to remote code execution on the host. The vulnerability is fixed in version 6.6. Exploitati...
CVE-2026-35519 Pi-hole FTL affected by Remote Code Execution (RCE) via dns.hostRecord Newline Injection
FTLDNS pihole-FTL provides an interactive API and also generates statistics for Pi-hole's Web interface. From 6.0 to before 6.6, the Pi-hole FTL engine contains a Remote Code Execution RCE vulnerability in the DNS host record configuration parameter dns.hostRecord. This vulnerability allows an...
CVE-2026-35519 Pi-hole FTL affected by Remote Code Execution (RCE) via dns.hostRecord Newline Injection
FTLDNS pihole-FTL provides an interactive API and also generates statistics for Pi-hole's Web interface. From 6.0 to before 6.6, the Pi-hole FTL engine contains a Remote Code Execution RCE vulnerability in the DNS host record configuration parameter dns.hostRecord. This vulnerability allows an...
CVE-2026-35518 Pi-hole FTL affected by Remote Code Execution (RCE) via dns.cnameRecords Newline Injection
FTLDNS pihole-FTL provides an interactive API and also generates statistics for Pi-hole's Web interface. From 6.0 to before 6.6, the Pi-hole FTL engine contains a Remote Code Execution RCE vulnerability in the DNS CNAME records configuration parameter dns.cnameRecords. This vulnerability allows a...
CVE-2026-35518
Pi-hole FTL (FTLDNS) from 6.0 up to before 6.6 is vulnerable to Remote Code Execution via newline injection in the DNS CNAME records configuration parameter (dns.cnameRecords). An authenticated attacker can inject arbitrary dnsmasq directives, enabling command execution on the host. The issue is ...
CVE-2026-35518 Pi-hole FTL affected by Remote Code Execution (RCE) via dns.cnameRecords Newline Injection
FTLDNS pihole-FTL provides an interactive API and also generates statistics for Pi-hole's Web interface. From 6.0 to before 6.6, the Pi-hole FTL engine contains a Remote Code Execution RCE vulnerability in the DNS CNAME records configuration parameter dns.cnameRecords. This vulnerability allows a...
CVE-2026-35518
FTLDNS pihole-FTL provides an interactive API and also generates statistics for Pi-hole's Web interface. From 6.0 to before 6.6, the Pi-hole FTL engine contains a Remote Code Execution RCE vulnerability in the DNS CNAME records configuration parameter dns.cnameRecords. This vulnerability allows a...
CVE-2026-35517 Pi-hole FTL affected by Remote Code Execution (RCE) via dns.upstreams Newline Injection
FTLDNS pihole-FTL provides an interactive API and also generates statistics for Pi-hole's Web interface. From 6.0 to before 6.6, the Pi-hole FTL engine contains a Remote Code Execution RCE vulnerability in the upstream DNS servers configuration parameter dns.upstreams. This vulnerability allows a...
CVE-2026-35517 Pi-hole FTL affected by Remote Code Execution (RCE) via dns.upstreams Newline Injection
FTLDNS pihole-FTL provides an interactive API and also generates statistics for Pi-hole's Web interface. From 6.0 to before 6.6, the Pi-hole FTL engine contains a Remote Code Execution RCE vulnerability in the upstream DNS servers configuration parameter dns.upstreams. This vulnerability allows a...
CVE-2026-35517
Pi-hole FTL (FTLDNS) contains a Remote Code Execution flaw from 6.0 up to before 6.6 in the upstream DNS servers configuration (dns.upstreams). An authenticated attacker can inject arbitrary dnsmasq directives via newline characters, leading to command execution on the host. The issue is fixed in...
CVE-2026-35517
FTLDNS pihole-FTL provides an interactive API and also generates statistics for Pi-hole's Web interface. From 6.0 to before 6.6, the Pi-hole FTL engine contains a Remote Code Execution RCE vulnerability in the upstream DNS servers configuration parameter dns.upstreams. This vulnerability allows a...
EUVD-2026-19684
FTLDNS pihole-FTL provides an interactive API and also generates statistics for Pi-hole's Web interface. From 6.0 to before 6.6, the Pi-hole FTL engine contains a Remote Code Execution RCE vulnerability in the upstream DNS servers configuration parameter dns.upstreams. This vulnerability allows a...
CVE-2026-35491 Pi-hole FTL: CLI API sessions can import Teleporter archives and modify configuration
FTLDNS pihole-FTL provides an interactive API and also generates statistics for Pi-hole's Web interface. From 6.0 to before 6.6, Pi-hole FTL supports a CLI password feature webserver.api.clipw that creates “CLI” API sessions intended to be read-only for configuration changes. While /api/config...
CVE-2026-35491
FTLDNS pihole-FTL provides an interactive API and also generates statistics for Pi-hole's Web interface. From 6.0 to before 6.6, Pi-hole FTL supports a CLI password feature webserver.api.clipw that creates “CLI” API sessions intended to be read-only for configuration changes. While /api/config...
CVE-2026-35491 Pi-hole FTL: CLI API sessions can import Teleporter archives and modify configuration
FTLDNS pihole-FTL provides an interactive API and also generates statistics for Pi-hole's Web interface. From 6.0 to before 6.6, Pi-hole FTL supports a CLI password feature webserver.api.clipw that creates “CLI” API sessions intended to be read-only for configuration changes. While /api/config...
EUVD-2026-19676
FTLDNS pihole-FTL provides an interactive API and also generates statistics for Pi-hole's Web interface. From 6.0 to before 6.6, Pi-hole FTL supports a CLI password feature webserver.api.clipw that creates “CLI” API sessions intended to be read-only for configuration changes. While /api/config...
CVE-2026-35491
Pi-hole FTL (FTLDNS) from 6.0 to before 6.6 exposes a vulnerability where CLI API sessions (webserver.api.cli_pw) could import Teleporter archives via the /api/teleporter endpoint and overwrite configuration, despite /api/config blocking CLI sessions. This creates an authorization bypass that let...
FTL 注入漏洞
FTL is an open-source network advertising interception and statistics tool developed by Pi-hole. Versions of FTL from 6.0 to 6.6 had a injection vulnerability. This vulnerability stemmed from configuration parameters of upstream DNS servers, allowing authenticated attackers to inject arbitrary...
FTL 注入漏洞
FTL is an open-source network advertising interception and statistics tool developed by Pi-hole. Versions of FTL from 6.0 to 6.6 had a injection vulnerability. This vulnerability stemmed from the DNS CNAME record configuration parameters, allowing authenticated attackers to inject arbitrary dnsma...