Race Condition in Pi-hole FTL's HTTP Session Management
CVE-2026-44693

8.8HIGH

Key Information:

Vendor

Pi-hole

Status
Vendor
CVE Published:
10 June 2026

What is CVE-2026-44693?

Pi-hole FTL, the essential engine behind the Pi-hole network-level advertisement and tracker blocking solution, suffers from a race condition vulnerability in its HTTP session management functionality. This flaw, introduced during the significant v6.0 rewrite of the integrated CivetWeb web server, can lead to inconsistent session states. Users should upgrade to version 6.6.1 or later to mitigate potential security risks associated with this vulnerability.

Affected Version(s)

FTL < 6.6.1

References

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.