CRITICAL
AdguardTeam
CVE published 2026-06-08
CVE-2026-41448
CVE-2026-41448 is a critical authentication bypass vulnerability in AdGuard Home when started with the --glinet flag. This vulnerability allows unauthenticated attackers to gain full admin access by supplying a path traversal sequence in the Admin-Token cookie, exploiting unsanitized string concatenation in the token file path construction within the authglinet middleware. Attackers can craft a request wi [truncated]