Vulnerabilities in pi-hole
33 results

CVE-2025-59151 | HIGH | Pi-hole Admin Interface vulnerable to HTTP response header injection via CRLF injection | EPSS 0.4%
CVE-2022-31029 | MEDIUM | Authenticated XSS in Pi-hole AdminLTE | EPSS 0.4%
CVE-2026-26953 | MEDIUM | Pi-hole Web Interface has Stored HTML Injection via X-Forwarded-For Header in Active Sessions Table | EPSS 0.3%
CVE-2026-33406 | MEDIUM | Pi-hole has a Stored HTML attribute injection | EPSS 0.3%
CVE-2026-26952 | MEDIUM | Pi-hole Web Interface has Stored HTML Injection via Local DNS Records (CNAME/Hosts) in data-tag Attribute | EPSS 0.2%
CVE-2026-44693 | HIGH | Pi-hole FTL: Unauthenticated Session Hijacking via Race Condition on Global Session Buffer | EPSS 0.2%
CVE-2025-32785 | LOW | Pi-hole Admin Interface vulnerable to persistent XSS on Subscribed lists group management (Adress Field) | EPSS 0.2%
CVE-2026-33727 | MEDIUM | Pi-hole has a Local Privilege Escalation (post-compromise, pihole -> root). | EPSS 0.2%
CVE-2026-33403 | MEDIUM | Pi-hole has a Reflected XSS / HTML injection in taillog.js | EPSS 0.2%
CVE-2026-33405 | LOW | Pi-hole has a Stored HTML Injection in queries.js | EPSS 0.2%
CVE-2026-35491 | MEDIUM | Pi-hole FTL: CLI API sessions can import Teleporter archives and modify configuration | EPSS 0.2%
CVE-2026-33404 | LOW | Pi-hole has a Stored XSS / HTML injection in the Network page/Dashboard | EPSS 0.1%
CVE-2026-41489 | HIGH | Pi-hole: Local privilege escalation via config-controlled path in root-executed service hooks | EPSS 0.1%