Primary

Context

AdGuard Home Authentication Bypass Vulnerability in GLiNET Mode Allowing Admin Access

Vulnerability

Patched

An authentication bypass vulnerability has been identified in AdGuard Home versions prior to 0.107.77, when the application is started with the --glinet flag. This vulnerability allows unauthenticated attackers to gain full administrative access by injecting a path traversal sequence into the Admin-Token cookie. The issue arises from unsanitized string concatenation in the token file path construction within the authglinet middleware, enabling attackers to redirect file reads to arbitrary paths.

Impact

Exploitation of this vulnerability allows for unauthorized administrative access to the AdGuard Home application.

Remediation

Users can upgrade to AdGuard Home version 0.107.77 or later to address this vulnerability.

Added: Jun 8, 2026, 6:08 PM

Updated: Jun 8, 2026, 6:08 PM

Vulnerability Rating

Custom Algorithm

spread

6.8

impact

5.0

exploitability

6.3

remediation

7.7

relevance

9.3

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

6.8

impact

5.0

exploitability

6.3

remediation

7.7

relevance

9.3

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

AdGuard Home Authentication Bypass Vulnerability in GLiNET Mode Allowing Admin Access

Vulnerability

Impact

Remediation

Affected Products

AdGuard Home

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating