PatchSiren cyber security CVE debrief
CVE-2026-44693 pi-hole CVE debrief
CVE-2026-44693 is a high-severity vulnerability in Pi-hole FTL, a network-level advertisement and tracker blocker. The issue is a race condition in the HTTP session management subsystem, introduced with the v6.0 rewrite of the embedded CivetWeb-based web server. This vulnerability has been patched in version 6.6.1.
- Vendor: pi-hole
- Product: FTL
- CVSS: HIGH 8.8
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-10
- Original CVE updated: 2026-06-11
- Advisory published: 2026-06-10
- Advisory updated: 2026-06-11
Who should care
Users of Pi-hole FTL versions prior to 6.6.1 should apply the patch to prevent exploitation of this high-severity vulnerability.
Technical summary
The vulnerability, which has a CVSS score of 8.8, is caused by a race condition in the HTTP session management subsystem of Pi-hole FTL. The issue was introduced in version 6.0 and has been patched in version 6.6.1. It is classified under the Common Weakness Enumeration (CWE) as CWE-362.
Defensive priority
High
Recommended defensive actions
- Apply the patch by updating Pi-hole FTL to version 6.6.1 or later.
- Review and update your Pi-hole FTL installation to ensure you are running the latest version.
Evidence notes
The CVE was published on 2026-06-10T23:16:46.690Z and modified on 2026-06-11T17:16:33.733Z. The vulnerability has been publicly disclosed and patched.