CVE Catalog

CVE-2026-44693

HighCVSS 8.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.04%

11th percentile - higher than 11% of all known CVEs

Summary

Pi-hole FTL, the core engine of the network-level advertisement and tracker blocker, contained a race condition vulnerability in the HTTP session management subsystem prior to version 6.6.1. This issue was introduced with the v6.0 rewrite of the CivetWeb-based web server and has been patched in version 6.6.1.

Risk Assessment

Organizations using Pi-hole FTL prior to version 6.6.1 may be exposed to attacks related to improper HTTP session management, potentially leading to unauthorized access to user data.

Recommendation

It is recommended to update Pi-hole FTL to version 6.6.1 or later to mitigate this vulnerability.

Original NVD description (English source)

Pi-hole FTL is the core engine of the Pi-hole network-level advertisement and tracker blocker. Prior to version 6.6.1, Pi-hole FTL contains a race condition vulnerability in the HTTP session management subsystem, introduced with the v6.0 rewrite of the embedded CivetWeb-based web server. This issue has been patched in version 6.6.1.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS