Authentication Bypass Vulnerability in AdGuard Home by AdGuard
CVE-2026-41448

9.2CRITICAL

Key Information:

Vendor
CVE Published:
8 June 2026

What is CVE-2026-41448?

AdGuard Home, when initiated with the --glinet flag, is vulnerable to an authentication bypass that allows attackers to gain unrestricted admin access. This vulnerability arises from unsanitized string concatenation in the token file path creation within the authglinet middleware. By injecting a path traversal sequence in the Admin-Token cookie, attackers can forge requests that misdirect file reads to unintended system locations, effectively compromising the security of the application.

Affected Version(s)

AdGuardHome 0

References

CVSS V4

Score:
9.2
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
Physical
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

djnn
VulnCheck
.