CVE-2026-41448
Received Received - Intake
Authentication Bypass in AdGuard Home via Admin-Token Path Traversal

Publication date: 2026-06-08

Last updated on: 2026-06-08

Assigner: VulnCheck

Description
AdGuard Home, when started with the --glinet flag, contains an authentication bypass vulnerability that allows unauthenticated attackers to gain full admin access by supplying a path traversal sequence in the Admin-Token cookie, exploiting unsanitized string concatenation in the token file path construction within the authglinet middleware. Attackers can craft a request with a traversal payload in the Admin-Token header to redirect file reads to arbitrary paths.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-06-08
Last Modified
2026-06-08
Generated
2026-06-09
AI Q&A
2026-06-08
EPSS Evaluated
N/A
NVD
CVE-2026-41448
EUVD
EUVD-2026-35126
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
adguard adguard_home to 0.107.77 (exc)
adguard adguard_home *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-22 The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-41448 is a critical authentication bypass vulnerability in AdGuard Home when started with the --glinet flag. It allows unauthenticated attackers to gain full administrative access by exploiting a path traversal flaw in the Admin-Token cookie.

The vulnerability arises from unsanitized string concatenation in the token file path construction within the authglinet middleware. Attackers can craft a request with a path traversal sequence in the Admin-Token header, which redirects file reads to arbitrary paths, bypassing authentication controls.

Impact Analysis

This vulnerability can have severe impacts as it allows unauthenticated attackers to gain full administrative access to the AdGuard Home system.

  • Attackers can bypass authentication mechanisms completely.
  • Unauthorized users can control and manipulate the system settings and data.
  • Potential exposure of sensitive information and disruption of network filtering services.
Detection Guidance

This vulnerability can be detected by monitoring for HTTP requests that include suspicious or crafted path traversal sequences in the Admin-Token cookie or header.

You can use network traffic inspection tools like tcpdump or Wireshark to capture HTTP requests and look for Admin-Token headers containing path traversal patterns such as "../".

  • Example tcpdump command to capture HTTP traffic on port 80 or 443: tcpdump -A -s 0 'tcp port 80 or tcp port 443'
  • Use grep or similar tools to filter captured traffic for Admin-Token headers with traversal sequences: grep -i 'Admin-Token: .*\.\./' captured_traffic.txt

Additionally, reviewing server logs for unusual Admin-Token values containing path traversal sequences can help detect exploitation attempts.

Mitigation Strategies

The immediate mitigation step is to upgrade AdGuard Home to version 0.107.77 or later, where this vulnerability has been fixed.

If upgrading immediately is not possible, avoid starting AdGuard Home with the --glinet flag, as the vulnerability is triggered only when this flag is used.

Monitor and block suspicious requests containing path traversal sequences in the Admin-Token header to reduce risk until the patch is applied.

Compliance Impact

The vulnerability allows unauthenticated attackers to gain full administrative access to AdGuard Home when started with the --glinet flag by exploiting a path traversal flaw in the Admin-Token cookie. This unauthorized access could lead to exposure or manipulation of sensitive data managed by the system.

Such unauthorized administrative access can compromise the confidentiality, integrity, and availability of data, potentially violating compliance requirements under standards like GDPR and HIPAA, which mandate strict access controls and protection of personal and sensitive information.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-41448. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart