Skip to main content

AdGuard Home CVE-2026-47703

| EUVDEUVD-2026-44710 MEDIUM
Race Condition (CWE-362)
2026-06-04 https://github.com/AdguardTeam/AdGuardHome GHSA-xgx4-4h9w-53pv
6.3
CVSS 4.0 · Vendor: https://github.com/AdguardTeam/AdGuardHome
Share

Severity by source

Vendor (https://github.com/AdguardTeam/AdGuardHome) PRIMARY
6.3 MEDIUM
CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from Vendor (https://github.com/AdguardTeam/AdGuardHome) · only source for this CVE.

CVSS VectorVendor: https://github.com/AdguardTeam/AdGuardHome

CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
None
Scope
X

Lifecycle Timeline

3
CVSS changed
Jul 15, 2026 - 17:22 NVD
6.3 (MEDIUM)
Source Code Evidence Fetched
Jun 04, 2026 - 20:21 vuln.today
Analysis Generated
Jun 04, 2026 - 20:21 vuln.today

DescriptionCVE.org

Summary

This report covers the client-triggered DoQ forwarding path in:

  • dnsproxy v0.81.2 (adguard/dnsproxy:v0.81.2)
  • AdGuard Home v0.107.74 (adguard/adguardhome:latest, image version label v0.107.74)

The issue was reproduced on 2026-04-25 with the products configured through their documented DoQ listener and plain UDP upstream surfaces. The scope is the internal backend UDP hop created when a DoQ query is forwarded to a udp:// upstream.

On that path, the backend DNS ID is not preserved as an independent source of entropy. For both products, the backend observer saw dns_id=0 for every sampled client-triggered query on the tested path. Repeated reruns then showed the same txid=0 behavior and the same positive source-port oracle on every sampled run. A separate quoted-port ICMP oracle distinguished the correct backend UDP source port from a wrong one with a stable, client-visible behavior change.

Attached evidence:

  • dnsproxy oracle path on v0.81.2: [attachments/artifacts/g03/20260425T141500Z-g03-v0812/summary.txt](attachments/artifacts/g03/20260425T141500Z-g03-v0812/summary.txt)
  • dnsproxy v0.81.2 repeatability: [attachments/artifacts/g03/repeatability-v0812.md](attachments/artifacts/g03/repeatability-v0812.md)
  • dnsproxy steering follow-up on v0.81.2: [attachments/artifacts/g04/20260425T141900Z-g04-v0812/summary.txt](attachments/artifacts/g04/20260425T141900Z-g04-v0812/summary.txt)
  • AdGuard Home oracle path: [attachments/artifacts/g05/20260425T113000Z-g05/summary.txt](attachments/artifacts/g05/20260425T113000Z-g05/summary.txt)

Root Cause Analysis

The observable behavior is consistent across both products:

  1. A DoQ client query is accepted on the frontend listener.
  2. The query is forwarded over a backend UDP leg.
  3. On that backend leg, the forwarded DNS ID collapses to 0 on the

client-triggered path instead of remaining a fresh per-query variable.

  1. The backend UDP source port is still allocated per query.
  2. When an ICMP error quotes the actual backend source port, the forwarding path

flips behavior in a way that does not occur for a wrong quoted port.

That combination removes txid from the backend tuple on the tested path and leaves the UDP source port as the main remaining variable. In practical terms, the backend hop stops behaving like a fresh (txid, source-port) pair per forwarded query and instead becomes a one-variable state exposure.

For dnsproxy, the correct quoted port does more than produce a failure signal: it can push resolution away from the primary UDP upstream and into the fallback upstream. For AdGuard Home, the same condition produces a fast SERVFAIL.

Reproduce

Prerequisites:

  • Docker and Docker Compose
  • OpenSSL
  • build the lab helper image used by the attached harness and observer

The attached reproducer bundle contains only the files needed for this report:

  • scripts: attachments/scripts/
  • helper image build files: attachments/docker/unbound-doq-attacker/
  • compose files: attachments/docker-compose.g03.yml,

attachments/docker-compose.g04.yml, attachments/docker-compose.g05.yml

  • shipped evidence: attachments/artifacts/...

Build the helper image first:

  1. cd attachments
  2. docker build -t unbound-doq-attacker:latest -f docker/unbound-doq-attacker/Dockerfile docker/unbound-doq-attacker

To rerun dnsproxy:

  1. cd attachments
  2. bash scripts/repro-g03-dnsproxy-oracle.sh
  3. Inspect artifacts/g03/<RUN_ID>/summary.txt
  4. Inspect artifacts/g03/<RUN_ID>/entropy-backend.jsonl,

txid_correct-backend.jsonl, and port_correct-backend.jsonl

To rerun the dnsproxy fallback-steering case:

  1. cd attachments
  2. bash scripts/repro-g04-dnsproxy-steering.sh
  3. Inspect artifacts/g04/<RUN_ID>/summary.txt
  4. Inspect steering_correct-main.jsonl and steering_correct-fallback.jsonl

To rerun AdGuard Home:

  1. cd attachments
  2. bash scripts/repro-g05-adguardhome-oracle.sh
  3. Inspect artifacts/g05/<RUN_ID>/summary.txt
  4. Inspect entropy-backend.jsonl, txid_correct-backend.jsonl, and

port_correct-backend.jsonl

The attached evidence includes fresh dnsproxy v0.81.2 reruns, one official- profile AdGuard Home run, and the minimal reproducer bundle used by both.

Impact

For both products, the tested DoQ-to-UDP path is no longer a full (txid, source-port) search surface:

  • dnsproxy: four of four sampled runs showed txid=0 on the backend hop and

a positive source-port oracle on v0.81.2. The remaining unknown is port_only. Median wrong/correct port latency was 327.99 ms / 40.93 ms.

  • AdGuard Home: four of four sampled runs showed txid=0 on the backend hop

and a positive source-port oracle. The aggregate again classifies the remaining unknown as port_only. Median wrong/correct port latency was 319.14 ms / 37.02 ms.

Product-specific effects:

  • dnsproxy: a correct port guess produced an empty client-visible answer on

the base oracle path, and in the fallback profile it steered all eight tested queries away from the main upstream and into the fallback upstream.

  • AdGuard Home: a correct port guess produced fast SERVFAIL and an extra

backend query.

This is the security-relevant point. On the tested official profiles, the backend hop no longer forces an off-path attacker to deal with two fresh random fields per forwarded DNS race. The DNS ID is already known: it is deterministically 0 on the client-triggered DoQ-to-UDP path. The only remaining backend tuple variable is the UDP source port, and the attached evidence shows a repeatable oracle for that remaining variable.

That places the path in the same threat-model class as oracle-assisted DNS forgery work such as SAD DNS and TUdoor: the attack first uses an oracle to learn or validate the tuple state that protects an off-path response race, and only then attempts the forged response. This report stops short of a forgery demo, but the evidence already shows the crucial precondition on the tested backend hop: the tuple is not high-entropy anymore. It has been reduced from (txid, source-port) to source-port only.

---

Attachments attachments.zip

AnalysisAI

DNS transaction ID entropy collapse in AdGuard Home (≤v0.107.74) and its underlying dnsproxy library (≤v0.81.2) reduces the backend UDP forwarding tuple from two random variables to one: the DNS ID is deterministically 0 on every client-triggered DoQ-to-UDP hop, leaving only the UDP source port as the sole remaining entropy variable. An off-path attacker who can inject spoofed ICMP error messages toward the resolver's egress address can exploit a reliable source-port oracle - confirmed across four consecutive runs for both products - to identify the correct backend socket state before injecting a forged DNS response, placing this attack in the same threat-model class as SAD DNS and TUdoor. No public exploit confirmed at time of analysis beyond the working oracle reproducer included in the advisory disclosure; the advisory is not listed in CISA KEV.

Technical ContextAI

DNS-over-QUIC (DoQ) wraps DNS messages in QUIC streams to provide confidentiality on the client-to-resolver leg. Both AdGuard Home and its underlying dnsproxy library implement a DoQ listener that forwards received queries to plain UDP upstreams (udp:// scheme). The root cause is in dnsproxy's upstream/plain.go dialExchange() function: when a DoQ-originated query is forwarded over UDP, the DNS message struct's ID field retains its Go zero value (0) rather than being assigned a fresh random value per query. The patch - introducing the setRequestForNetwork() helper in the same file - explicitly detects this case and generates a copy of the request with a randomized ID before the UDP exchange, then restores the original ID on the response. CWE-362 (Race Condition) is the assigned weakness class; while the forgery attempt is a timing race, the enabling root cause is more precisely deterministic entropy absence. Affected packages are pkg:go/github.com/AdguardTeam/AdGuardHome (≤0.107.74) and pkg:go/github.com/AdguardTeam/dnsproxy (<0.81.3), as confirmed by the GHSA package data.

RemediationAI

Vendor-released patch: dnsproxy 0.81.3 and AdGuard Home 0.107.75. Upgrade dnsproxy to v0.81.3 or later using the patch at https://github.com/AdguardTeam/dnsproxy/commit/f00d992ce9567a50f596853978ad6500acfdcf1d; AdGuard Home users should upgrade to v0.107.75 or later, which pulls in the fixed dnsproxy dependency. For deployments that cannot upgrade immediately, the most effective compensating control is to replace all plain UDP upstreams (udp://) with encrypted upstreams such as DoT, DoH, or DoQ - this eliminates the backend UDP hop where txid=0 occurs, though it introduces upstream resolver compatibility requirements and possible latency overhead. A secondary control is to restrict network access so that spoofed ICMP error packets cannot reach the resolver's egress UDP socket (e.g., ingress ICMP filtering at the network perimeter); this raises the bar for the oracle step but does not eliminate the txid=0 root cause and may break legitimate PMTUD. The full vendor advisory is at https://github.com/AdguardTeam/AdGuardHome/security/advisories/GHSA-xgx4-4h9w-53pv.

CVE-2014-0160 HIGH POC
7.5 Apr 07

The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packe

CVE-2014-0195 MEDIUM POC
6.8 Jun 05

The dtls1_reassemble_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0

CVE-2014-0224 HIGH POC
7.4 Jun 05

OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCiph

CVE-2016-0800 MEDIUM POC
5.9 Mar 01

The SSLv2 protocol, as used in OpenSSL before 1.0.1s and 1.0.2 before 1.0.2g and other products, requires a server to se

CVE-2015-0204 MEDIUM POC
4.3 Jan 09

The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k

CVE-2014-3566 LOW POC
3.4 Oct 15

The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which mak

CVE-2016-2107 MEDIUM POC
5.9 May 05

The AES-NI implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h does not consider memory allocation during a

CVE-2015-1793 MEDIUM POC
6.5 Jul 09

The X509_verify_cert function in crypto/x509/x509_vfy.c in OpenSSL 1.0.1n, 1.0.1o, 1.0.2b, and 1.0.2c does not properly

CVE-2022-3602 HIGH
7.5 Nov 01

A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Rated hig

CVE-2014-3470 MEDIUM
4.3 Jun 05

The ssl3_send_client_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before

CVE-2017-3730 HIGH POC
7.5 May 04

In OpenSSL 1.1.0 before 1.1.0d, if a malicious server supplies bad parameters for a DHE or ECDHE key exchange then this

CVE-2016-8610 HIGH
7.5 Nov 13

A denial of service flaw was found in OpenSSL 0.9.8, 1.0.1, 1.0.2 through 1.0.2h, and 1.1.0 in the way the TLS/SSL proto

Share

CVE-2026-47703 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy