Authentication Bypass Vulnerability in AdGuard Home by AdGuard
CVE-2026-41448
9.2CRITICAL
What is CVE-2026-41448?
AdGuard Home, when initiated with the --glinet flag, is vulnerable to an authentication bypass that allows attackers to gain unrestricted admin access. This vulnerability arises from unsanitized string concatenation in the token file path creation within the authglinet middleware. By injecting a path traversal sequence in the Admin-Token cookie, attackers can forge requests that misdirect file reads to unintended system locations, effectively compromising the security of the application.
Affected Version(s)
AdGuardHome 0
