Detections
Analytics

Pi-Hole Web 6.x < 6.4.2 (Core) Local Privilege Escalation (CVE-2026-41489)

high Nessus Plugin ID 321187

Synopsis

An ad-blocking DNS server web-based admin interface on the remote host is affected by a local privilege escalation vulnerability.

Description

According to its self-reported Core version, the Pi-Hole instance on the remote host is running a Core version between 6.0 and prior to 6.4.2. It is, therefore, affected by a local privilege escalation vulnerability:

 - Two shell scripts executed as root by systemd (pihole-FTL-prestart.sh and pihole-FTL-poststop.sh) read the files.pid path from config without validation and use it in privileged file operations. By writing an arbitrary path into files.pid, an attacker with pihole privilege can cause root to delete and then recreate any file on the system outside the ProtectSystem=full-restricted directories, gaining write access to it. On a default installation this yields local privilege escalation to root via SSH authorized keys manipulation.
 (CVE-2026-41489)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Upgrade Pi-Hole Core to version 6.4.2 or later.

See Also

http://www.nessus.org/u?1476f3b0

Plugin Details

Severity: High

ID: 321187

File Name: pihole_web_CVE-2026-41489.nasl

Version: 1.1

Type: Remote

Family: CGI abuses

Published: 6/16/2026

Updated: 6/16/2026

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.3

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Vector: CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C

CVSS Score Source: CVE-2026-41489

CVSS v3

Risk Factor: High

Base Score: 8.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Vulnerability Information

CPE: cpe:/a:pi-hole:pi-hole

Required KB Items: installed_sw/Pi-Hole Web

Patch Publication Date: 4/24/2026

Vulnerability Publication Date: 4/24/2026

Reference Information

CVE: CVE-2026-41489