VYPR

Ftldns

by Pi Hole

Source repositories

CVEs (7)

  • CVE-2026-39849HigMay 5, 2026
    risk 0.50cvss 8.8epss 0.01

    Pi-hole FTL is the core engine of the Pi-hole network-level advertisement and tracker blocker. In versions before 6.6.1, the `dns.interface` configuration field in Pi-hole FTL accepted newline characters without validation, allowing an attacker to inject arbitrary directives…

  • CVE-2026-35521HigApr 7, 2026
    risk 0.50cvss 8.8epss 0.01

    FTLDNS (pihole-FTL) provides an interactive API and also generates statistics for Pi-hole's Web interface. From 6.0 to before 6.6, the Pi-hole FTL engine contains a Remote Code Execution (RCE) vulnerability in the DHCP hosts configuration parameter (dhcp.hosts). This…

  • CVE-2026-35520HigApr 7, 2026
    risk 0.50cvss 8.8epss 0.01

    FTLDNS (pihole-FTL) provides an interactive API and also generates statistics for Pi-hole's Web interface. From 6.0 to before 6.6, the Pi-hole FTL engine contains a Remote Code Execution (RCE) vulnerability in the DHCP lease time configuration parameter (dhcp.leaseTime). This…

  • CVE-2026-35519HigApr 7, 2026
    risk 0.50cvss 8.8epss 0.01

    FTLDNS (pihole-FTL) provides an interactive API and also generates statistics for Pi-hole's Web interface. From 6.0 to before 6.6, the Pi-hole FTL engine contains a Remote Code Execution (RCE) vulnerability in the DNS host record configuration parameter (dns.hostRecord). This…

  • CVE-2026-35518HigApr 7, 2026
    risk 0.50cvss 8.8epss 0.01

    FTLDNS (pihole-FTL) provides an interactive API and also generates statistics for Pi-hole's Web interface. From 6.0 to before 6.6, the Pi-hole FTL engine contains a Remote Code Execution (RCE) vulnerability in the DNS CNAME records configuration parameter (dns.cnameRecords).…

  • CVE-2026-35517HigApr 7, 2026
    risk 0.50cvss 8.8epss 0.01

    FTLDNS (pihole-FTL) provides an interactive API and also generates statistics for Pi-hole's Web interface. From 6.0 to before 6.6, the Pi-hole FTL engine contains a Remote Code Execution (RCE) vulnerability in the upstream DNS servers configuration parameter (dns.upstreams).…

  • CVE-2026-35491MedApr 7, 2026
    risk 0.33cvss 6.1epss 0.00

    FTLDNS (pihole-FTL) provides an interactive API and also generates statistics for Pi-hole's Web interface. From 6.0 to before 6.6, Pi-hole FTL supports a CLI password feature (webserver.api.cli_pw) that creates “CLI” API sessions intended to be read-only for configuration…