← Volver a CVEs
CVE-2026-33404
LOW3.4
Descripcion
Pi-hole Admin Interface is a web interface for managing Pi-hole, a network-level ad and internet tracker blocking application. From 6.0 to before 6.5, client hostnames and IP addresses from the FTL database are rendered into the DOM without escaping in network.js (Network page) and charts.js/index.js (Dashboard chart tooltips). While upstream validation in dnsmasq and FTL blocks HTML characters via normal DHCP/DNS paths, the web UI performs no output escaping — an inconsistency with other fields in the same file that are properly escaped. This vulnerability is fixed in 6.5.
Detalles CVE
Puntuacion CVSS v3.13.4
SeveridadLOW
Vector CVSSCVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N
Vector de ataqueLOCAL
ComplejidadLOW
Privilegios requeridosHIGH
Interaccion usuarioNONE
Publicado4/6/2026
Ultima modificacion4/6/2026
Fuentenvd
Avistamientos honeypot0
Debilidades (CWE)
CWE-79
Referencias
https://github.com/pi-hole/web/security/advisories/GHSA-px6w-85wp-ww9v(security-advisories@github.com)
Correlaciones IOC
Sin correlaciones registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.