CVE-2021-29449

MEDIUM

Pi-hole 5.2.4 - Privilege Escalation via Remove Commands


Exploitation Summary

EIP tracks 1 public exploit for CVE-2021-29449. PoCs published by h00die, including Metasploit module exploits/linux/local/pihole_remove_commands_lpe.

AI-analyzed exploit summary: This Metasploit module exploits a command injection vulnerability in Pi-Hole versions 3.0 to 5.3, allowing privilege escalation from www-data to root via improperly sanitized input in the removecustomcname, removecustomdns, and removestaticdhcp functions.

Description

Pi-hole is a Linux network-level advertisement and Internet tracker blocking application. Multiple privilege escalation vulnerabilities were discovered in version 5.2.4 of Pi-hole core. See the referenced GitHub security advisory for details.

Exploits (1)

Metasploit module (working PoC)
by h00die · Ruby PoC
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/local/pihole_remove_commands_lpe.rb


Classification: Working PoC (100%)
Attack Type: LPE
Complexity: Moderate
Reliability: Reliable
Target: Pi-Hole 3.0 - 5.3
Authentication: No auth needed
Prerequisites: Access to a session as www-data user · Pi-Hole version between 3.0 and 5.3
Analysis by devstral-2, Feb 16, 2026

Scores

CVSS v3 6.3
EPSS 0.0186
EPSS Percentile 76.5%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L

Details

CWE
CWE-269 CWE-78
Status published
Products (2)
pi-hole/pi-hole < 5.2.4
pi-hole/pi-hole <= 5.2.4
Published Apr 14, 2021
Tracked Since Feb 18, 2026