pi-hole adminlte Vulnerabilities: CVEs, CISA KEV & Security Advisories

This page aggregates every publicly disclosed vulnerability (CVE) affecting pi-hole adminlte, with a severity breakdown, the affected and patched versions, the most common weakness types, and the full CVE list.

Affected versions and CVEs

Browse every pi-hole adminlte version named in a CVE, then pick one to see only the CVEs that affect it.

Specific versions

v4.013 CVEs
v4.113 CVEs
v4.1.113 CVEs
v4.213 CVEs
v4.313 CVEs
v4.3.213 CVEs
v4.3.313 CVEs
v5.013 CVEs
v5.113 CVEs
v5.1.113 CVEs
v5.213 CVEs
v5.2.113 CVEs
v5.2.213 CVEs
v5.313 CVEs
v5.3.113 CVEs
v5.3.213 CVEs
v5.413 CVEs
v5.513 CVEs
0.112 CVEs
1.012 CVEs
1.112 CVEs
1.212 CVEs
1.2.112 CVEs
1.312 CVEs
2.0.012 CVEs
2.1.012 CVEs
2.1.112 CVEs
v1.0.012 CVEs
v1.1.012 CVEs
v1.1.112 CVEs
v1.1.212 CVEs
v1.1.312 CVEs
v1.1.412 CVEs
v1.1.512 CVEs
v1.1.612 CVEs
v1.1.712 CVEs
v1.212 CVEs
v1.312 CVEs
v1.412 CVEs
v1.4.112 CVEs
v1.4.212 CVEs
v1.4.312 CVEs
v1.4.3.112 CVEs
v1.4.3.1a12 CVEs
v1.4.412 CVEs
v1.4.4.112 CVEs
v1.4.4.212 CVEs
v2.012 CVEs
v2.0.012 CVEs
v2.0.112 CVEs
v2.0.212 CVEs
v2.0.312 CVEs
v2.0.412 CVEs
v2.0.512 CVEs
v2.112 CVEs
v2.1.0-alpha-112 CVEs
v2.1.0-beta12 CVEs
v2.1.212 CVEs
v2.212 CVEs
v2.2.012 CVEs
v2.312 CVEs
v2.3.112 CVEs
v2.412 CVEs
v2.512 CVEs
v2.5.112 CVEs
v2.5.212 CVEs
v3.012 CVEs
v3.0.112 CVEs
v3.0.1a12 CVEs
v3.112 CVEs
v3.212 CVEs
v3.2.112 CVEs
v3.312 CVEs
v5.5.111 CVEs
v5.68 CVEs
v5.78 CVEs
v5.107 CVEs
v5.10.17 CVEs
v5.117 CVEs
v5.127 CVEs
v5.87 CVEs
v5.97 CVEs
v5.136 CVEs
v5.146 CVEs
v5.14.16 CVEs
v5.14.26 CVEs
v5.156 CVEs
v5.15.16 CVEs
v5.166 CVEs
v5.175 CVEs
v5.185 CVEs
v5.18.15 CVEs
v5.18.25 CVEs
v6.05 CVEs
v6.0.15 CVEs
v6.0.25 CVEs
v6.15 CVEs
v6.25 CVEs
v6.2.15 CVEs
v5.18.34 CVEs
v5.18.44 CVEs
v5.194 CVEs
v5.204 CVEs
v5.20.14 CVEs
v5.20.24 CVEs
v5.214 CVEs
v6.32 CVEs
v6.42 CVEs

Fixed in

62c55dcf358663e39c2ab629238ac34609562ae93 CVEs
f5292a3f6adc933cfab8967f2795277a6003d0ef3 CVEs
09e4e0ed396642261ee9ef937a833cb1076a02202 CVEs
f526716de7bb0fd382a64bcbbb33915c926f94bb2 CVEs
fb9bd561fdf936891370d85b32e899dff1dbf9d42 CVEs
01191c7a1b8d5032991ed9d88e0db8d3dbec744d1 CVE
1714b082c3a233ea3a0c344b50352c59818676fc1 CVE
5.131 CVE
cf8602eedd4a31eadb72372fc878c12d342f86001 CVE
da2764e58fa5fd3a17391ea7beac93c6b1509d201 CVE
ee50954be76fa53bdc4d95a3dd197030b96af5ab1 CVE

Find a version

16 CVEs

Sort

Pi-hole Web Interface has Stored HTML Injection via X-Forwarded-For Header in Active Sessions Table
CVE-2026-26953
Patch
CWE-20
Medium · CVSS 5.4
EPSS 0.1% (17th pct)2026-02-19
Pi-hole Web Interface has Stored HTML Injection via Local DNS Records (CNAME/Hosts) in data-tag Attribute
CVE-2026-26952
Patch
CWE-20
Medium · CVSS 5.4
EPSS 0.0% (5th pct)2026-02-19
Pi-hole Admin Interface vulnerable to HTTP response header injection via CRLF injection
CVE-2025-59151
Public exploit
Patch
CWE-93
High · CVSS 8.2
EPSS 0.1% (29th pct)2025-10-27
Pi-hole Admin Interface vulnerable to cross-site scripting via malformed URL path on 404 error page
CVE-2025-53533
Public exploit
Patch
CWE-79
Medium · CVSS 5.1
EPSS 0.5% (65th pct)2025-10-27
Pi-hole Admin Interface vulnerable to persistent XSS on Subscribed lists group management (Adress Field)
CVE-2025-32785
Public exploit
Patch
CWE-79
Low · CVSS 2.0
EPSS 0.0% (8th pct)2025-10-27
Improper session handling of "Remember me for 7 days" functionality
CVE-2023-23614
Public exploit
Patch
CWE-836
High · CVSS 8.8
EPSS 0.2% (42th pct)2023-01-26
Medium vulnerability · 2022-12-22
CVE-2022-23513
Public exploit
Patch
CWE-284
Medium · CVSS 5.3
EPSS 13.9% (94th pct)2022-12-22
Medium vulnerability · 2022-07-07
CVE-2022-31029
Patch
CWE-79
Medium · CVSS 5.9
EPSS 0.2% (47th pct)2022-07-07
High vulnerability · 2021-10-26
CVE-2021-41175
Patch
CWE-79
High · CVSS 7.3
EPSS 0.4% (63th pct)2021-10-26
Medium vulnerability · 2021-09-17
CVE-2021-3812
Patch
CWE-79
Medium · CVSS 6.7
EPSS 0.2% (40th pct)2021-09-17
Medium vulnerability · 2021-09-17
CVE-2021-3811
Patch
CWE-79
Medium · CVSS 6.7
EPSS 0.2% (40th pct)2021-09-17
High vulnerability · 2021-09-15
CVE-2021-3706
Patch
CWE-1004
High · CVSS 7.4
EPSS 0.2% (36th pct)2021-09-15
Stored XSS Vulnerability in the Pi-hole Webinterface
CVE-2021-32793
Patch
CWE-79
Medium · CVSS 5.7
EPSS 0.2% (45th pct)2021-08-04
High vulnerability · 2021-08-04
CVE-2021-32706
Public exploit
Patch
CWE-94
High · CVSS 7.6
EPSS 61.0% (98th pct)2021-08-04
High vulnerability · 2021-04-15
CVE-2021-29448
Patch
CWE-79
High · CVSS 7.6
EPSS 0.3% (54th pct)2021-04-15
Critical vulnerability · 2020-05-29
CVE-2020-8816
CISA KEV
Public exploit
Patch
CWE-78
Added to CISA KEV 2021-12-10
Critical · CVSS 9.4
EPSS 90.8% (100th pct)2020-05-29

pi-hole adminlte Vulnerabilities

Overview

Severity and exploitation

Affected versions and CVEs

Specific versions

Fixed in

Common weakness types

Disclosure activity by year

Other pi-hole products

Frequently asked questions

How many CVEs does pi-hole adminlte have?

How many pi-hole adminlte CVEs are in CISA KEV?

Are there public exploits for pi-hole adminlte vulnerabilities?

Which versions of pi-hole adminlte are affected?

What are the most common weakness types in pi-hole adminlte CVEs?

How many critical pi-hole adminlte vulnerabilities are there?

What is the average severity of pi-hole adminlte CVEs?

References

Track pi-hole adminlte vulnerabilities