PatchSiren

CVE-2026-41448 AdguardTeam CVE debrief

CVE-2026-41448 is a critical authentication bypass vulnerability in AdGuard Home when started with the --glinet flag. It allows unauthenticated attackers to gain full admin access by supplying a path traversal sequence in the Admin-Token cookie, exploiting unsanitized string concatenation in the token file path construction within the authglinet middleware. A request carrying a traversal payload in the Admin-Token cookie redirects the middleware's file reads to arbitrary paths.

Vendor: AdguardTeam
Product: AdGuardHome
CVSS: CRITICAL 9.2
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-06-08
Original CVE updated: 2026-06-09
Advisory published: 2026-06-08
Advisory updated: 2026-06-09

Who should care

Users of AdGuard Home with the --glinet flag enabled should be aware of this vulnerability and take immediate action to mitigate the risk.

Technical summary

The vulnerability exists in the authglinet middleware of AdGuard Home when started with the --glinet flag. The middleware improperly handles the Admin-Token cookie, allowing an attacker to bypass authentication by providing a path traversal sequence. This can lead to full admin access for unauthenticated attackers.
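
The flaw class described above, shown as an added Go example beside a hardened form; this is not AdGuard Home's code or its actual patch. The prefix /run/example/token_, the function names and the alphanumeric token format are assumptions made for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"path/filepath"
	"regexp"
	"strings"
)

// tokenPrefix is a constructed placeholder, not AdGuard Home's real path.
const tokenPrefix = "/run/example/token_"

// Allow-list for token values: short and alphanumeric only (assumed format).
var tokenRe = regexp.MustCompile(`^[A-Za-z0-9]{1,64}$`)

var errBadToken = errors.New("token rejected")

// naiveTokenPath shows the flawed pattern: the cookie value is appended
// to the prefix unchecked, so "../" segments can leave the token directory.
func naiveTokenPath(token string) string {
	return filepath.Clean(tokenPrefix + token)
}

// safeTokenPath validates the value first, then confirms the cleaned
// result still sits under the prefix as a second, independent check.
func safeTokenPath(token string) (string, error) {
	if !tokenRe.MatchString(token) {
		return "", errBadToken
	}
	p := filepath.Clean(tokenPrefix + token)
	if !strings.HasPrefix(p, tokenPrefix) {
		return "", errBadToken
	}
	return p, nil
}

func main() {
	// Constructed sample cookie values.
	for _, tok := range []string{"abc123", "x/../../../etc/hostname", ""} {
		p, err := safeTokenPath(tok)
		fmt.Printf("%q naive=%q safe=%q err=%v\n", tok, naiveTokenPath(tok), p, err)
	}
}
```

The naive form resolves the second sample value to a file outside the token directory, while the hardened form rejects it before any file is opened.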

Defensive priority

High

Recommended defensive actions

  • Apply the patch from AdGuard Home version v0.107.77
  • Review and update AdGuard Home configurations to ensure the --glinet flag is properly secured
  • Monitor for suspicious activity and implement additional security measures to detect potential exploitation attempts

Evidence notes

The CVE-2026-41448 record was obtained from the official CVE.org database. Additional information was sourced from NVD and Vulncheck.

Official resources

CVE-2026-41448 was published on 2026-06-08T17:16:42.847Z and modified on 2026-06-09T13:51:18.770Z.