Technical Analysis & Remediation
MITRE ATT&CK Mapping
T1190 (Exploit Public-Facing Application)
T1078 (Valid Accounts - bypassed)
T1068 (Exploitation for Privilege Escalation)
CVE Profile
CVSS 9.8 (Critical)
CISA KEV Status: Inactive
Telemetry
Extracted Literals
CVE-2026-32136
0.107.73
HTTP/2 Cleartext
h2c
Constraint
Because raw exploit binaries or network capture files were not supplied, the precise payload size and structure are unknown. The vulnerability description suggests a protocol-level abuse mechanism relying on standard HTTP/1.1 headers to force an "h2c" upgrade, entirely circumventing the standard login mechanisms.
Remediation - THE ENTERPRISE TRACK (NIST SP 800-61r3 / CSF 2.0)
GOVERN (GV) – Crisis Management & Oversight
Command
Verify internal and supply chain risk policies regarding the deployment of unauthorized third-party DNS/ad-blocking solutions on corporate networks.
DETECT (DE) – Monitoring & Analysis
Command
Deploy SIEM queries to hunt for anomalous HTTP/1.1 to "h2c" upgrade requests targeting unexpected ports or unapproved AdGuard Home instances.
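As an added illustration (not part of this report or of the AdGuard Home project), the hunt above expressed as a small detector over constructed access-log lines: it flags any request carrying an HTTP/1.1 "h2c" Upgrade header and raises the severity when the destination is not on an allow-list of approved AdGuard Home instances. The JSON log fields, the allow-list and the admin path are assumptions to map onto your own proxy or SIEM schema.

```python
import json

# Hypothetical inventory of approved AdGuard Home instances as (host, port);
# an h2c upgrade aimed anywhere else is the "unexpected port / unapproved instance" case.
APPROVED_INSTANCES = {("10.0.0.5", 3000)}

# Constructed sample access log (JSON lines). Field names, the "/admin/status"
# placeholder path and the HTTP2-Settings value are all made up for this example.
SAMPLE_LOG = """\
{"src":"10.0.0.23","dst":"10.0.0.5","dport":3000,"path":"/admin/status","headers":{"Host":"10.0.0.5:3000","Cookie":"session=PLACEHOLDER"}}
{"src":"198.51.100.7","dst":"10.0.0.5","dport":3000,"path":"/admin/status","headers":{"Host":"10.0.0.5:3000","Connection":"Upgrade, HTTP2-Settings","Upgrade":"h2c","HTTP2-Settings":"AAMAAABkAAQAAP__"}}
{"src":"198.51.100.7","dst":"10.0.0.9","dport":8080,"path":"/admin/status","headers":{"Host":"10.0.0.9:8080","Connection":"Upgrade, HTTP2-Settings","Upgrade":"h2c, HTTP/2.0","HTTP2-Settings":"AAMAAABkAAQAAP__"}}
{"src":"10.0.0.23","dst":"10.0.0.5","dport":3000,"path":"/admin/ws","headers":{"Host":"10.0.0.5:3000","Connection":"Upgrade","Upgrade":"websocket"}}
"""


def _tokens(value):
    """Split a comma-separated header value into lowercase tokens."""
    return {t.strip().lower() for t in value.split(",") if t.strip()}


def is_h2c_upgrade(headers):
    """True when the request asks for an HTTP/1.1 -> h2c upgrade (case-insensitive header names)."""
    lowered = {k.lower(): v for k, v in headers.items()}
    return "h2c" in _tokens(lowered.get("upgrade", ""))


def detect_h2c_upgrades(log_text, approved=APPROVED_INSTANCES):
    """Return one finding per h2c upgrade request, with the reasons it was flagged."""
    findings = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = json.loads(line)
        if not is_h2c_upgrade(rec.get("headers", {})):
            continue
        reasons = ["HTTP/1.1 -> h2c upgrade requested"]
        if (rec["dst"], rec["dport"]) not in approved:
            reasons.append("destination is not an approved AdGuard Home instance")
        findings.append({
            "src": rec["src"],
            "dst": f"{rec['dst']}:{rec['dport']}",
            "path": rec["path"],
            "reasons": reasons,
        })
    return findings


if __name__ == "__main__":
    for f in detect_h2c_upgrades(SAMPLE_LOG):
        print(f)
```

Every h2c upgrade to an admin interface is worth a look during the vulnerability window, since the report describes the upgrade itself as the bypass path; the allow-list only decides which findings go to the front of the queue.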
RESPOND (RS) – Mitigation & Containment
Command
Isolate endpoints running unapproved AdGuard Home instances. For authorized instances, enforce immediate updates to version "0.107.73" or later.
RECOVER (RC) – Restoration & Trust
Command
Validate system configuration integrity by reviewing DNS routing rules and system access logs to ensure unauthorized configuration changes were not established during the vulnerability window.
IDENTIFY & PROTECT (ID/PR) – The Feedback Loop
Command
Audit firewall configurations to ensure AdGuard Home management interfaces are strictly restricted from public internet access. Update asset management inventories.
Remediation - THE HOME USER TRACK (Safety Focus)
Priority 1: Safety
Command
Disconnect the AdGuard Home server from the internet immediately if your management interface is exposed publicly. (Only applicable if the Environmental Reality Check confirms you manually installed this software and exposed the port).
Command
Do not log into banking/email until your network DNS settings are verified clean.
Priority 2: Identity
Command
Reset passwords/MFA using a known clean device (e.g., a phone on a cellular 5G connection) if you suspect the AdGuard server was compromised and administrative credentials or traffic were intercepted.
Priority 3: Persistence
Command
Check Scheduled Tasks, Startup Folders, Browser Extensions, and custom DNS routing rules within the AdGuard Home dashboard for unauthorized changes.
Command
Update AdGuard Home to version "0.107.73" immediately to neutralize the vulnerability.
Hardening & References
Baseline
CIS Benchmarks for Network Devices (Restrict management plane access to trusted internal IP ranges only).
Framework
NIST CSF 2.0 / SP 800-61r3.
Source
Vendor Release Notes (GitHub)
Security News Portal (GBHackers)