Skip to main content

Adguardhome

3 CVEs product

Monthly

CVE-2026-41448 CRITICAL PATCH Act Now

Authentication bypass in AdGuard Home prior to v0.107.77 allows unauthenticated remote attackers to gain full admin access when the binary is launched with the --glinet flag, by injecting a path traversal sequence into the Admin-Token cookie. The flaw lives in the authglinet middleware, which concatenates the cookie value into a file path without sanitization, letting attackers redirect token reads to arbitrary files. No public exploit identified at time of analysis, but the vendor advisory and a community-disclosed root cause make weaponization straightforward.

Authentication Bypass Path Traversal Adguardhome
NVD GitHub
CVSS 4.0
9.2
EPSS
0.1%
CVE-2026-32136 Go CRITICAL PATCH Act Now

Auth bypass in AdGuard Home before 0.107.73.

Authentication Bypass Adguardhome Suse
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.2%
CVE-2022-32175 Go MEDIUM POC PATCH This Month

In AdGuardHome, versions v0.95 through v0.108.0-b.13 are vulnerable to Cross-Site Request Forgery (CSRF), in the custom filtering rules functionality. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Adguardhome
NVD GitHub
CVSS 3.1
5.4
EPSS
0.3%
EPSS 0% CVSS 9.2
CRITICAL PATCH Act Now

Authentication bypass in AdGuard Home prior to v0.107.77 allows unauthenticated remote attackers to gain full admin access when the binary is launched with the --glinet flag, by injecting a path traversal sequence into the Admin-Token cookie. The flaw lives in the authglinet middleware, which concatenates the cookie value into a file path without sanitization, letting attackers redirect token reads to arbitrary files. No public exploit identified at time of analysis, but the vendor advisory and a community-disclosed root cause make weaponization straightforward.

Authentication Bypass Path Traversal Adguardhome
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Auth bypass in AdGuard Home before 0.107.73.

Authentication Bypass Adguardhome Suse
NVD GitHub VulDB
EPSS 0% CVSS 5.4
MEDIUM POC PATCH This Month

In AdGuardHome, versions v0.95 through v0.108.0-b.13 are vulnerable to Cross-Site Request Forgery (CSRF), in the custom filtering rules functionality. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Adguardhome
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy