CVE-2026-33404

LOW

3.4

Descricao

Pi-hole Admin Interface is a web interface for managing Pi-hole, a network-level ad and internet tracker blocking application. From 6.0 to before 6.5, client hostnames and IP addresses from the FTL database are rendered into the DOM without escaping in network.js (Network page) and charts.js/index.js (Dashboard chart tooltips). While upstream validation in dnsmasq and FTL blocks HTML characters via normal DHCP/DNS paths, the web UI performs no output escaping — an inconsistency with other fields in the same file that are properly escaped. This vulnerability is fixed in 6.5.

Detalhes CVE

Pontuacao CVSS v3.13.4

SeveridadeLOW

Vetor CVSSCVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N

Vetor de ataqueLOCAL

ComplexidadeLOW

Privilegios necessariosHIGH

Interacao do usuarioNONE

Publicado4/6/2026

Ultima modificacao4/6/2026

Fontenvd

Avistamentos honeypot0

Fraquezas (CWE)

CWE-79

Referencias

https://github.com/pi-hole/web/security/advisories/GHSA-px6w-85wp-ww9v(security-advisories@github.com)

Correlacoes IOC

Sem correlacoes registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.