Ad blocker Pi-hole closes vulnerabilities that could let malware onto systems

Important updates have been released for the open-source ad blocker Pi-hole. Among other things, the vulnerabilities they close can let malware onto systems.

Anyone using Pi-hole in their network to block internet advertising should update the ad blocker promptly for security reasons. Otherwise, attackers can exploit several vulnerabilities to attack computers.

Pi-hole functions as a DNS sinkhole and blocks the loading of advertisements on internet pages through filter lists. Optionally, Pi-hole also serves as a DNS server. The basis is a Linux system. The ad blocker often runs on a Raspberry Pi. A unique selling point of Pi-hole is the central blocking of ads for all devices in the home network.

So far, there are no reports that attackers are already exploiting the vulnerabilities. However, Pi-hole users should not wait too long to install the updates. The process is quick and painless via the command pihole -up. In our case, the updates ran smoothly on a Raspberry Pi Zero 2 W with DietPi, and the ad blocker has been running without problems ever since.

As can be seen from a current post by the developers, updates have been released for all three components of Pi-hole (Core v6.4.1, FTL v6.6, Web v6.5), which, in addition to fixing various bugs, also close several security vulnerabilities.
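To confirm that a host is on the fixed releases named above, the following added example (not code from the article or the Pi-hole project) compares the installed component versions against Core v6.4.1, FTL v6.6 and Web v6.5. It assumes that pihole -v prints one line per component in the form "Core version is v6.4.1 (Latest: v6.4.1)"; the function names and the sample text are constructed for illustration.

```shell
#!/bin/sh
# Fixed releases named in the article.
FIXED_CORE="6.4.1"; FIXED_FTL="6.6"; FIXED_WEB="6.5"

# Constructed sample in the assumed `pihole -v` line format.
SAMPLE='Core version is v6.4.0 (Latest: v6.4.1)
Web version is v6.5 (Latest: v6.5)
FTL version is v6.5.2 (Latest: v6.6)'

# version_lt A B: succeeds if dotted version A is strictly older than B.
# Components are compared numerically, so 6.5 < 6.10 and 6.6 == 6.6.0.
version_lt() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        na = split(a, x, "."); nb = split(b, y, ".")
        n = (na > nb) ? na : nb
        for (i = 1; i <= n; i++) {
            if (x[i] + 0 < y[i] + 0) exit 0
            if (x[i] + 0 > y[i] + 0) exit 1
        }
        exit 1
    }'
}

# check_pihole_versions TEXT: prints "<component> ok|outdated <version>",
# or "<component> unknown" when the version field is not a dotted number.
check_pihole_versions() {
    printf '%s\n' "$1" | while read -r name _w1 _w2 ver _rest; do
        case $name in
            Core) fixed=$FIXED_CORE ;;
            FTL)  fixed=$FIXED_FTL ;;
            Web)  fixed=$FIXED_WEB ;;
            *)    continue ;;
        esac
        ver=${ver#v}
        case $ver in
            ''|*[!0-9.]*) echo "$name unknown" ;;
            *) if version_lt "$ver" "$fixed"; then echo "$name outdated $ver"
               else echo "$name ok $ver"; fi ;;
        esac
    done
}

# Use the live output where Pi-hole is installed, otherwise the sample.
if command -v pihole >/dev/null 2>&1; then
    check_pihole_versions "$(pihole -v)"
else
    check_pihole_versions "$SAMPLE"
fi
```

Any line reported as outdated or unknown means the component should be updated or checked by hand.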

In total, the developers have addressed eleven vulnerabilities. Among them are stored XSS vulnerabilities (such as CVE-2026-33403, rated "medium"). In addition, attackers with low user privileges can gain root access via an unspecified method (CVE-2026-33727, rated "medium"). In such a position, attackers usually gain full control over systems.

Several vulnerabilities that can let malware onto systems (such as CVE-2026-35521, rated "high") are considered the most dangerous. These vulnerabilities affect the dhcp.hosts component of FTL. Attacks are possible remotely, but attackers must already be authenticated.

(des)

This article was originally published in German. It was translated with technical assistance and editorially reviewed before publication.