CVE-2026-32136

9.8 CRITICAL

📋 TL;DR

This vulnerability allows unauthenticated remote attackers to bypass all authentication in AdGuard Home by exploiting an HTTP/1.1 to HTTP/2 cleartext upgrade mechanism. Once exploited, attackers gain full authenticated access to the AdGuard Home administration interface without credentials. All AdGuard Home instances prior to version 0.107.73 are affected.

💻 Affected Systems

Products:
  • AdGuard Home
Versions: All versions prior to 0.107.73
Operating Systems: All platforms running AdGuard Home
Default Config Vulnerable: ⚠️ Yes
Notes: All default configurations are vulnerable. The vulnerability affects the web administration interface authentication mechanism.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete compromise of network-wide ad blocking and DNS filtering, allowing attackers to modify DNS settings, disable security protections, redirect traffic, and potentially gain access to internal network resources.

🟠 Likely Case

Unauthorized access to the AdGuard Home administration panel, leading to DNS hijacking, disabling of security filters, and potential exposure of network traffic patterns.

🟢 If Mitigated

Limited impact if proper network segmentation and access controls prevent external access to the AdGuard Home administration interface.

🌐 Internet-Facing: HIGH - AdGuard Home instances exposed to the internet are directly vulnerable to unauthenticated remote attacks.
🏢 Internal Only: MEDIUM - Internal attackers or compromised internal systems could exploit this vulnerability to gain administrative access.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

The exploit requires sending a specific HTTP/1.1 request with an upgrade to HTTP/2 cleartext (h2c). Public proof-of-concept code is available in the security advisory.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 0.107.73

Vendor Advisory: https://github.com/AdguardTeam/AdGuardHome/security/advisories/GHSA-5fg6-wrq4-w5gh

Restart Required: Yes

Instructions:

1. Stop the AdGuard Home service
2. Back up the current configuration
3. Download and install version 0.107.73 or later from official sources
4. Restart the AdGuard Home service
5. Verify that authentication is working correctly

🔧 Temporary Workarounds

Restrict Network Access

Platform: all

Limit access to the AdGuard Home administration interface to trusted IP addresses only.

Use firewall rules to restrict access to the AdGuard Home port (typically 3000 or 80/443).

Disable External Access

Platform: all

Configure AdGuard Home to listen only on the localhost/loopback interface.

Modify the AdGuard Home configuration to set bind_host to 127.0.0.1 or ::1.

🧯 If You Can't Patch

  • Implement strict network access controls to limit AdGuard Home administration interface access to trusted IP addresses only
  • Place AdGuard Home behind a reverse proxy with proper authentication and request validation

🔍 How to Verify

Check if Vulnerable:

Check whether the AdGuard Home version is below 0.107.73 by opening the web interface and viewing the version information

Check Version:

curl -s http://adguard-home-ip:port/control/version | grep version

Verify Fix Applied:

After updating, verify that the version is 0.107.73 or higher and test authentication by attempting to access the admin interface without credentials

📡 Detection & Monitoring

Log Indicators:

  • HTTP/1.1 requests with 'Upgrade: h2c' header
  • Unauthenticated access to admin endpoints
  • Multiple failed authentication attempts followed by successful access

Network Indicators:

  • HTTP/2 cleartext (h2c) upgrade requests to AdGuard Home port
  • Unusual HTTP/2 traffic to administration interface

SIEM Query:

source="adguard" AND (http_header="Upgrade: h2c" OR http_method="CONNECT" AND http_version="HTTP/1.1")
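
An added example, not part of the advisory or of AdGuard Home: the first two log indicators above applied to reverse-proxy access-log lines. The log format (an access log that also records the request's Upgrade header), the sample lines and the function names are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample lines, not from a real system. Assumed format: a reverse
# proxy access log that also records the request's Upgrade header:
#   client "METHOD path PROTO" status upgrade="<header value or ->"
SAMPLE_LOG = '''\
192.0.2.10 "GET /login.html HTTP/1.1" 200 upgrade="-"
198.51.100.7 "GET / HTTP/1.1" 200 upgrade="h2c"
198.51.100.7 "GET /control/version HTTP/1.1" 200 upgrade="-"
192.0.2.44 "GET /ws HTTP/1.1" 101 upgrade="websocket"
203.0.113.5 "GET / HTTP/1.1" 400 upgrade="WebSocket, H2C"
192.0.2.10 "GET /control/version HTTP/1.1" 200 upgrade="-"
'''

LINE_RE = re.compile(
    r'^(?P<client>\S+) "(?P<method>\S+) (?P<path>\S+) (?P<proto>[^"]+)" '
    r'(?P<status>\d{3}) upgrade="(?P<upgrade>[^"]*)"$'
)

def has_h2c(upgrade_value):
    """True if the comma-separated Upgrade header value lists the h2c token."""
    return "h2c" in [t.strip().lower() for t in upgrade_value.split(",")]

def analyze(log_text, admin_prefix="/control/"):
    """Report every client that sent 'Upgrade: h2c', with the line numbers of
    those requests and of its 2xx responses under admin_prefix."""
    seen = defaultdict(lambda: {"h2c_requests": [], "admin_hits": []})
    suspects = set()
    for lineno, line in enumerate(log_text.splitlines(), 1):
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # line does not follow the assumed format
        rec = seen[m["client"]]
        if has_h2c(m["upgrade"]):
            suspects.add(m["client"])
            rec["h2c_requests"].append(lineno)
        if m["path"].startswith(admin_prefix) and m["status"].startswith("2"):
            rec["admin_hits"].append((lineno, m["path"]))
    return {client: seen[client] for client in sorted(suspects)}

if __name__ == "__main__":
    for client, rec in analyze(SAMPLE_LOG).items():
        print(client, rec)
```

An access log cannot show whether a request carried a valid session, so admin hits from a flagged client are a prompt for review rather than proof of compromise.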
