FHN 
AdGuard Home vulnerability tracked as CVE-2026-32136 allows attackers to bypass authentication and gain administrative access to affected systems.
The flaw, tracked as CVE-2026-32136, has received a critical severity score of 9.8. The vulnerability allows remote attackers to bypass the login system and gain administrative access without entering valid credentials.
If exploited, attackers could take full control of an affected AdGuard Home instance.
Discovery of the Vulnerability
The issue was discovered by a security researcher known as mandreko. After receiving the report, the AdGuard team confirmed the problem and quickly worked on a fix.
To reduce the risk for users, the developers released a security update in AdGuard Home version 0.107.73.
The fast response was aimed at preventing attackers from exploiting the vulnerability on exposed systems.
How the Attack Works
The vulnerability is related to how older versions of AdGuard Home handle certain network connection upgrade requests.
The attack process works roughly like this:
• an attacker sends a crafted HTTP request to the AdGuard server
• the request attempts to upgrade the connection to HTTP/2 Cleartext (h2c)
• the server accepts the upgrade and forwards the connection internally
The problem occurs because the internal system that processes the upgraded connection does not properly check authentication.
As a result, requests sent through that connection are treated as if they are already authenticated. This allows the attacker to access administrative features without logging in.
Security Fix and Protection
The AdGuard development team fixed the issue by enforcing proper authentication checks for requests that use the connection upgrade feature.
Users and administrators should take the following steps to protect their systems:
• update AdGuard Home to version 0.107.73 or later
• restrict public access to the AdGuard management interface
• review firewall rules to block unnecessary external access
• check system logs for suspicious activity or configuration changes
Updating to the latest version is the most important step to prevent attackers from exploiting this vulnerability.
About the Author
