top of page
perceptive_background_267k.jpg

FTLDNS (pihole-FTL) provides an interactive API and also generates statistics for Pi-hole's Web interface. From 6.0 to before 6.6, the Pi-hole FTL engine contaiā€¦

Published:

6 april 2026 om 22:00:00

Alert date:

7 april 2026 om 17:04:54

Source:

nvd.nist.gov

Click to open the original link from this advisory

Network Infrastructure, Security Tools

CVE-2026-35519 affects Pi-hole FTL DNS service versions 6.0 to before 6.6. The vulnerability exists in the DNS host record configuration parameter (dns.hostRecord) where authenticated attackers can inject arbitrary dnsmasq configuration directives through newline characters. This injection leads to remote code execution on the underlying system. The vulnerability has been patched in version 6.6. Pi-hole FTL provides an interactive API and generates statistics for Pi-hole's web interface, making this a significant security issue for DNS filtering systems.

Technical details

Mitigation steps:

Affected products:

Pi-hole FTL
FTLDNS

Related links:

https://nvd.nist.gov/vuln/detail/CVE-2026-35519
https://github.com/pi-hole/FTL/security/advisories/GHSA-wxhv-w77q-6qwp

Related CVE's:

Related threat actors:

IOC's:

This article was created with the assistance of AI technology by Perceptive.

About us

© 2025 by Perceptive Security. All rights reserved.

email: info@perceptivesecurity.com

Deze website toont informatie afkomstig van externe bronnen; Perceptive aanvaardt geen verantwoordelijkheid voor de juistheid, volledigheid of actualiteit van deze informatie.

bottom of page