Vendor
A remote code execution vulnerability exists in Pi-hole FTL versions 6.0 to before 6.6, where an authenticated attacker can inject arbitrary dnsmasq configuration directives through newline characters in the DNS host record configuration parameter, leading to command execution on the underlying system.