Lucene search
K

51 matches found

NVD
NVD
added yesterday4 views

CVE-2026-47703

AdGuard Home is a network-wide software for blocking ads and tracking. Prior to 0.107.75, AdGuard Home's client-triggered DoQ forwarding path to a udp:// upstream reduced backend UDP DNS state by producing dnsid=0 or txid=0 and exposed a quoted-port ICMP source-port oracle, weakening DNS response...

6.3CVSS0.00047EPSS
Exploits0References1
Cvelist
Cvelist
added yesterday8 views

CVE-2026-47703 AdGuard Home: DoQ-to-UDP State Reduction and Source-Port Oracle

AdGuard Home is a network-wide software for blocking ads and tracking. Prior to 0.107.75, AdGuard Home's client-triggered DoQ forwarding path to a udp:// upstream reduced backend UDP DNS state by producing dnsid=0 or txid=0 and exposed a quoted-port ICMP source-port oracle, weakening DNS response...

6.3CVSS0.00047EPSS
Exploits0References1
OSV
OSV
added 2026/06/25 10:34 p.m.6 views

GO-2026-5756 AdGuard Home: DoQ-to-UDP State Reduction and Source-Port Oracle in github.com/AdguardTeam/AdGuardHome

AdGuard Home: DoQ-to-UDP State Reduction and Source-Port Oracle in github.com/AdguardTeam/AdGuardHome...

6.3CVSS5.8AI score0.00047EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/09 8:59 p.m.10 views

CVE-2026-41448

AdGuard Home, when started with the --glinet flag, contains an authentication bypass vulnerability that allows unauthenticated attackers to gain full admin access by supplying a path traversal sequence in the Admin-Token cookie, exploiting unsanitized string concatenation in the token file path...

9.4CVSS5.6AI score0.00542EPSS
Exploits0References1
NVD
NVD
added 2026/06/08 5:16 p.m.14 views

CVE-2026-41448

AdGuard Home, when started with the --glinet flag, contains an authentication bypass vulnerability that allows unauthenticated attackers to gain full admin access by supplying a path traversal sequence in the Admin-Token cookie, exploiting unsanitized string concatenation in the token file path...

9.4CVSS0.00542EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/08 4:12 p.m.19 views

CVE-2026-41448 AdGuard Home Authentication Bypass via Path Traversal in Admin-Token Cookie

AdGuard Home, when started with the --glinet flag, contains an authentication bypass vulnerability that allows unauthenticated attackers to gain full admin access by supplying a path traversal sequence in the Admin-Token cookie, exploiting unsanitized string concatenation in the token file path...

9.4CVSS5.6AI score0.00542EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/08 4:12 p.m.10 views

CVE-2026-41448

AdGuard Home, when started with the --glinet flag, contains an authentication bypass vulnerability that allows unauthenticated attackers to gain full admin access by supplying a path traversal sequence in the Admin-Token cookie, exploiting unsanitized string concatenation in the token file path...

9.4CVSS5.6AI score0.00542EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/08 4:12 p.m.19 views

EUVD-2026-35126

AdGuard Home, when started with the --glinet flag, contains an authentication bypass vulnerability that allows unauthenticated attackers to gain full admin access by supplying a path traversal sequence in the Admin-Token cookie, exploiting unsanitized string concatenation in the token file path...

9.4CVSS5.6AI score0.00542EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/08 4:12 p.m.41 views

CVE-2026-41448 AdGuard Home Authentication Bypass via Path Traversal in Admin-Token Cookie

AdGuard Home, when started with the --glinet flag, contains an authentication bypass vulnerability that allows unauthenticated attackers to gain full admin access by supplying a path traversal sequence in the Admin-Token cookie, exploiting unsanitized string concatenation in the token file path...

9.4CVSS0.00542EPSS
Exploits0References2
OSV
OSV
added 2026/06/08 4:12 p.m.3 views

CVE-2026-41448 AdGuard Home Authentication Bypass via Path Traversal in Admin-Token Cookie

AdGuard Home, when started with the --glinet flag, contains an authentication bypass vulnerability that allows unauthenticated attackers to gain full admin access by supplying a path traversal sequence in the Admin-Token cookie, exploiting unsanitized string concatenation in the token file path...

9.2CVSS6.1AI score0.00542EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/08 12:0 a.m.23 views

PT-2026-47346

Name of the Vulnerable Software and Affected Versions AdGuard Home versions prior to 0.107.77 Description When started with the --glinet flag, the software contains an authentication bypass that allows unauthenticated attackers to gain full administrative access. This occurs due to unsanitized...

9.4CVSS5.7AI score0.00542EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/06/04 7:50 p.m.19 views

AdGuard Home: DoQ-to-UDP State Reduction and Source-Port Oracle

Summary This report covers the client-triggered DoQ forwarding path in: - dnsproxy v0.81.2 adguard/dnsproxy:v0.81.2 - AdGuard Home v0.107.74 adguard/adguardhome:latest, image version label v0.107.74 The issue was reproduced on 2026-04-25 with the products configured through their documented DoQ...

6.3CVSS5.7AI score0.00047EPSS
Exploits0References3Affected Software2
OSV
OSV
added 2026/06/04 7:50 p.m.10 views

GHSA-XGX4-4H9W-53PV AdGuard Home: DoQ-to-UDP State Reduction and Source-Port Oracle

Summary This report covers the client-triggered DoQ forwarding path in: - dnsproxy v0.81.2 adguard/dnsproxy:v0.81.2 - AdGuard Home v0.107.74 adguard/adguardhome:latest, image version label v0.107.74 The issue was reproduced on 2026-04-25 with the products configured through their documented DoQ...

6.9CVSS5.7AI score0.00047EPSS
Exploits0References3
GitLab Advisory Database
GitLab Advisory Database
added 2026/06/04 12:0 a.m.16 views

AdGuard Home: DoQ-to-UDP State Reduction and Source-Port Oracle

This report covers the client-triggered DoQ forwarding path in: - dnsproxy v0.81.2 adguard/dnsproxy:v0.81.2 - AdGuard Home v0.107.74 adguard/adguardhome:latest, image version label v0.107.74 The issue was reproduced on 2026-04-25 with the products configured through their documented DoQ listener...

6.3CVSS5.8AI score0.00047EPSS
Exploits0References4Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2026/06/04 12:0 a.m.11 views

AdGuard Home: DoQ-to-UDP State Reduction and Source-Port Oracle

This report covers the client-triggered DoQ forwarding path in: - dnsproxy v0.81.2 adguard/dnsproxy:v0.81.2 - AdGuard Home v0.107.74 adguard/adguardhome:latest, image version label v0.107.74 The issue was reproduced on 2026-04-25 with the products configured through their documented DoQ listener...

6.3CVSS5.8AI score0.00047EPSS
Exploits0References4Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/04 12:0 a.m.17 views

PT-2026-46882

Name of the Vulnerable Software and Affected Versions dnsproxy version 0.81.2 AdGuard Home version 0.107.74 Description A state reduction issue exists in the client-triggered DNS over QUIC DoQ forwarding path when queries are forwarded to a UDP upstream. In this path, the backend DNS ID transacti...

6.9CVSS5.9AI score0.00047EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/04 12:0 a.m.21 views

PT-2026-46871

Summary This report covers the client-triggered DoQ forwarding path in: - dnsproxy v0.81.2 adguard/dnsproxy:v0.81.2 - AdGuard Home v0.107.74 adguard/adguardhome:latest, image version label v0.107.74 The issue was reproduced on 2026-04-25 with the products configured through their documented DoQ...

6.9CVSS5.7AI score
Exploits0References4
GithubExploit
GithubExploit
added 2026/04/27 6:18 p.m.132 views

Exploit for Improper Authentication in Adguard Adguardhome

CVE-2026-32136exploit - AdGuard Home h2c Upgrade Auth Bypass...

9.8CVSS7.9AI score0.00735EPSS
Exploits2
RedhatCVE
RedhatCVE
added 2026/03/26 3:2 p.m.5 views

CVE-2026-32136

AdGuard Home is a network-wide software for blocking ads and tracking. Prior to 0.107.73, an unauthenticated remote attacker can bypass all authentication in AdGuardHome by sending an HTTP/1.1 request that requests an upgrade to HTTP/2 cleartext h2c. Once the upgrade is accepted, the resulting...

9.8CVSS5.8AI score0.00735EPSS
Exploits2References1
SUSE CVE
SUSE CVE
added 2026/03/25 12:24 a.m.5 views

SUSE CVE-2026-32136

AdGuard Home is a network-wide software for blocking ads and tracking. Prior to 0.107.73, an unauthenticated remote attacker can bypass all authentication in AdGuardHome by sending an HTTP/1.1 request that requests an upgrade to HTTP/2 cleartext h2c. Once the upgrade is accepted, the resulting...

9.8CVSS5.9AI score0.00735EPSS
Exploits2References3
Rows per page
Query Builder