๐Ÿ” CVE Alert

CVE-2026-50130

HIGH 8.8

Pi-hole: Local privilege escalation from `pihole` user to root via `/etc/pihole/logrotate`

CVSS Score
8.8
EPSS Score
0.2%
EPSS Percentile
13th

Pi-hole is a DNS sinkhole that protects devices from unwanted content without installing any client-side software. From 6.0 to 6.4.2, a user with code execution as the unprivileged pihole user can escalate to root by replacing /etc/pihole/logrotate. The replacement is laundered to root:root ownership by pihole-FTL-prestart.sh and then parsed as root by the daily pihole flush cron, executing firstaction shell as uid 0. This issue is fixed in version 6.4.3.

CWE CWE-282
Vendor pi-hole
Product pi-hole
Published Jul 14, 2026
Last Updated Jul 16, 2026
Stay Ahead of the Next One

Get instant alerts for pi-hole pi-hole

Be the first to know when new high vulnerabilities affecting pi-hole pi-hole are published โ€” delivered to Slack, Telegram or Discord.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
High
Availability
High

Affected Versions

pi-hole / pi-hole
>= 6.0.0, < 6.4.3

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
github.com: https://github.com/pi-hole/pi-hole/security/advisories/GHSA-h8w9-qx2v-wrww github.com: https://github.com/pi-hole/pi-hole/commit/18002bf7c6bf382fe5861d01321f427019e1be89 github.com: https://github.com/pi-hole/pi-hole/releases/tag/v6.4.3