CVE-2026-39849 | pi-hole FTL up to 6.6.0 Configuration API /etc/pihole/pihole.toml crlf injection (GHSA-9cqv-839p-gpq2 / EUVD-2026-27498)

A vulnerability classified as problematic was found in pi-hole FTL up to 6.6.0. Impacted is an unknown function of the file /etc/pihole/pihole.toml of the component Configuration API. Such manipulation leads to crlf injection.

This vulnerability is documented as CVE-2026-39849. The attack requires being on the local network. There is not any exploit available.

Upgrading the affected component is advised.VulDB Recent EntriesRead More