CVE-2026-33765: CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in pi-hole web
Pi-hole Admin Interface is a web interface for managing Pi-hole, a network-level ad and internet tracker blocking application. Versions prior to 6.0 have a critical OS Command Injection vulnerability in the savesettings.php file. The application takes the user-controlled $_POST['webtheme'] parameter and concatenates it directly into a system command executed via PHP's exec() function. Since the input is neither sanitized nor validated before being passed to the shell, an attacker can append arbitrary system commands to the intended pihole command. Furthermore, because the command is executed with sudo privileges, the injected commands will run with elevated (likely root) privileges. Version 6.0 patches the issue.
AI Analysis
Technical Summary
CVE-2026-33765 is an OS Command Injection vulnerability (CWE-78) affecting the Pi-hole web admin interface in versions before 6.0. The vulnerability occurs in savesettings.php where the 'webtheme' parameter from user input is unsafely concatenated into a shell command executed by PHP's exec() function. Because the command runs with sudo privileges, injected commands execute with elevated rights, potentially compromising the entire system. The vulnerability is fixed in Pi-hole version 6.0.
Potential Impact
Successful exploitation allows an unauthenticated attacker to execute arbitrary system commands with elevated (sudo/root) privileges on the host running Pi-hole. This can lead to full system compromise, data loss, or disruption of network-level ad and tracker blocking services.
Mitigation Recommendations
Upgrade Pi-hole to version 6.0 or later, where this vulnerability is patched. Versions prior to 6.0 are vulnerable and should be updated promptly. Since this is not a cloud service, remediation requires applying the official patch by upgrading the software.
CVE-2026-33765: CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in pi-hole web
Description
Pi-hole Admin Interface is a web interface for managing Pi-hole, a network-level ad and internet tracker blocking application. Versions prior to 6.0 have a critical OS Command Injection vulnerability in the savesettings.php file. The application takes the user-controlled $_POST['webtheme'] parameter and concatenates it directly into a system command executed via PHP's exec() function. Since the input is neither sanitized nor validated before being passed to the shell, an attacker can append arbitrary system commands to the intended pihole command. Furthermore, because the command is executed with sudo privileges, the injected commands will run with elevated (likely root) privileges. Version 6.0 patches the issue.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
CVE-2026-33765 is an OS Command Injection vulnerability (CWE-78) affecting the Pi-hole web admin interface in versions before 6.0. The vulnerability occurs in savesettings.php where the 'webtheme' parameter from user input is unsafely concatenated into a shell command executed by PHP's exec() function. Because the command runs with sudo privileges, injected commands execute with elevated rights, potentially compromising the entire system. The vulnerability is fixed in Pi-hole version 6.0.
Potential Impact
Successful exploitation allows an unauthenticated attacker to execute arbitrary system commands with elevated (sudo/root) privileges on the host running Pi-hole. This can lead to full system compromise, data loss, or disruption of network-level ad and tracker blocking services.
Mitigation Recommendations
Upgrade Pi-hole to version 6.0 or later, where this vulnerability is patched. Versions prior to 6.0 are vulnerable and should be updated promptly. Since this is not a cloud service, remediation requires applying the official patch by upgrading the software.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- GitHub_M
- Date Reserved
- 2026-03-23T18:30:14.126Z
- Cvss Version
- 4.0
- State
- PUBLISHED
Threat ID: 69c6e1b93c064ed76febd417
Added to database: 3/27/2026, 7:59:53 PM
Last enriched: 4/4/2026, 6:40:01 AM
Last updated: 5/12/2026, 1:04:12 PM
Views: 57
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.