What is CVE-2021-32706?

CVE-2021-32706 is a high-severity vulnerability in Pi-hole Adminlte, classified under Code Injection. CVSS score: 7.6/10. Published 2021-08-04.

How severe is CVE-2021-32706?

High severity. CVSS v3 base score is 7.6 out of 10.

Is CVE-2021-32706 known to be exploited?

2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

RCE in Pi-hole Adminlte

CVE-2021-32706

Pi-hole's Web interface provides a central location to manage a Pi-hole instance and review performance statistics. Prior to Pi-hole Web interface version 5.5.1, the `validDomainWildcard` preg_match filter allows a malicious character thro…

Vulnerability class: RCE (Remote Code Execution)

EPSS: 0.610 (98.3th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.6 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H.

Affected products

Pi-hole Adminlte — versions < 5.5.1

Weakness classification (CWE)

CWE-94 — Code Injection

Public proof-of-concept exploits

References

github.com/pi-hole/AdminLTE/security/advisories/GHSA-5cm9-6p3m-v259 (x_refsource_CONFIRM)
github.com/pi-hole/AdminLTE/releases/tag/v5.5.1 (x_refsource_MISC)

Frequently asked questions

What is CVE-2021-32706?: CVE-2021-32706 is a high-severity vulnerability in Pi-hole Adminlte, classified under Code Injection. CVSS score: 7.6/10. Published 2021-08-04.
How severe is CVE-2021-32706?: High severity. CVSS v3 base score is 7.6 out of 10.
Is CVE-2021-32706 known to be exploited?: 2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.