Race Condition in Pi-hole FTL's HTTP Session Management
CVE-2026-44693
8.8HIGH
What is CVE-2026-44693?
Pi-hole FTL, the essential engine behind the Pi-hole network-level advertisement and tracker blocking solution, suffers from a race condition vulnerability in its HTTP session management functionality. This flaw, introduced during the significant v6.0 rewrite of the integrated CivetWeb web server, can lead to inconsistent session states. Users should upgrade to version 6.6.1 or later to mitigate potential security risks associated with this vulnerability.
Affected Version(s)
FTL < 6.6.1
