Skip to main content

Adguardhome EUVDEUVD-2026-35126

| CVE-2026-41448 CRITICAL
Path Traversal (CWE-22)
2026-06-08 VulnCheck GHSA-599m-gqxc-4x5m
9.2
CVSS 4.0 · Vendor: VulnCheck
Share

Severity by source

Vendor (VulnCheck) PRIMARY
9.2 CRITICAL
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from Vendor (VulnCheck) · only source for this CVE.

CVSS VectorVendor: VulnCheck

CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
X

Lifecycle Timeline

7
Patch available
Jun 08, 2026 - 18:01 EUVD
Analysis Updated
Jun 08, 2026 - 17:29 vuln.today
v3 (cvss_changed)
Analysis Updated
Jun 08, 2026 - 17:29 vuln.today
v2 (cvss_changed)
Re-analysis Queued
Jun 08, 2026 - 17:22 vuln.today
cvss_changed
CVSS changed
Jun 08, 2026 - 17:22 NVD
9.4 (CRITICAL) 9.2 (CRITICAL)
Source Code Evidence Fetched
Jun 08, 2026 - 17:20 vuln.today
Analysis Generated
Jun 08, 2026 - 17:20 vuln.today

DescriptionCVE.org

AdGuard Home, when started with the --glinet flag, contains an authentication bypass vulnerability that allows unauthenticated attackers to gain full admin access by supplying a path traversal sequence in the Admin-Token cookie, exploiting unsanitized string concatenation in the token file path construction within the authglinet middleware. Attackers can craft a request with a traversal payload in the Admin-Token header to redirect file reads to arbitrary paths.

AnalysisAI

Authentication bypass in AdGuard Home prior to v0.107.77 allows unauthenticated remote attackers to gain full admin access when the binary is launched with the --glinet flag, by injecting a path traversal sequence into the Admin-Token cookie. The flaw lives in the authglinet middleware, which concatenates the cookie value into a file path without sanitization, letting attackers redirect token reads to arbitrary files. No public exploit identified at time of analysis, but the vendor advisory and a community-disclosed root cause make weaponization straightforward.

Share

EUVD-2026-35126 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy