CVE-2026-41448

CRITICAL 9.4

AdGuard Home Authentication Bypass via Path Traversal in Admin-Token Cookie

CVSS Score

9.4

EPSS Score

0.0%

EPSS Percentile

0th

AdGuard Home, when started with the --glinet flag, contains an authentication bypass vulnerability that allows unauthenticated attackers to gain full admin access by supplying a path traversal sequence in the Admin-Token cookie, exploiting unsanitized string concatenation in the token file path construction within the authglinet middleware. Attackers can craft a request with a traversal payload in the Admin-Token header to redirect file reads to arbitrary paths.

CWE	CWE-22
Vendor	adguardteam
Product	adguardhome
Published	Jun 8, 2026
Last Updated	Jun 8, 2026

Stay Ahead of the Next One

Get instant alerts for adguardteam adguardhome

Be the first to know when new critical vulnerabilities affecting adguardteam adguardhome are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

Low

Affected Versions

AdguardTeam / AdGuardHome

0 < 0.107.77

References

NVD ↗ CVE.org ↗ EPSS Data ↗

github.com: https://github.com/AdguardTeam/AdGuardHome/releases/tag/v0.107.77 vulncheck.com: https://www.vulncheck.com/advisories/adguard-home-authentication-bypass-via-path-traversal-in-admin-token-cookie

Credits

djnn VulnCheck