彙總 adguard 相關全部產品的 CVE 與安全漏洞情報,包括 CVSS、EPSS、公開時間與漏洞情報資料。
常見弱點模式包括 CSRF、SSRF、路徑處理缺陷與輸入驗證問題,在 生產負載與軟體部署 使用場景中可能帶來 異常行為與檔案覆寫 等風險。
相關漏洞資料主要來源於公開漏洞披露與安全公告,可用於評估歷史漏洞暴露面與修補優先順序。
| CVE | 摘要 | 來源 | 最高 CVSS | EPSS % | 公開時間 | 更新時間 |
|---|---|---|---|---|---|---|
| CVE-2026-41448 | AdGuard Home, when started with the --glinet flag, contains an authentication bypass vulnerability that allows unauthenticated attackers to gain full admin access by supplying a path traversal sequence in the Admin-Token cookie, exploiting unsanitized string concatenation in the token file path construction within the authglinet middleware. Attackers can craft a request with a traversal payload in the Admin-Token header to redirect file reads to arbitrary paths. | [email protected] | 9.2 | 0.53% | 2026-06-08 | 2026-07-14 |
| CVE-2026-32136 | AdGuard Home is a network-wide software for blocking ads and tracking. Prior to 0.107.73, an unauthenticated remote attacker can bypass all authentication in AdGuardHome by sending an HTTP/1.1 request that requests an upgrade to HTTP/2 cleartext (h2c). Once the upgrade is accepted, the resulting HTTP/2 connection is handled by the inner mux, which has no authentication middleware attached. All subsequent HTTP/2 requests on that connection are processed as fully authenticated, regardless of wheth | [email protected] | 9.8 | 0.73% | 2026-03-11 | 2026-06-17 |
| CVE-2026-24904 | TrustTunnel is an open-source VPN protocol with a rule bypass issue in versions prior to 0.9.115. In `tls_listener.rs`, `TlsListener::listen()` peeks 1024 bytes and calls `extract_client_random(...)`. If `parse_tls_plaintext` fails (for example, a fragmented/partial ClientHello split across TCP writes), `extract_client_random` returns `None`. In `rules.rs`, `RulesEngine::evaluate` only evaluates `client_random_prefix` when `client_random` is `Some(...)`. As a result, when extraction fails (`clie | [email protected] | 5.3 | 0.26% | 2026-01-29 | 2026-06-17 |
| CVE-2026-24902 | TrustTunnel is an open-source VPN protocol with a server-side request forgery and and private network restriction bypass in versions prior to 0.9.114. In `tcp_forwarder.rs`, SSRF protection for `allow_private_network_connections = false` was only applied in the `TcpDestination::HostName(peer)` path. The `TcpDestination::Address(peer) => peer` path proceeded to `TcpStream::connect()` without equivalent checks (for example `is_global_ip`, `is_loopback`), allowing loopback/private targets to be rea | [email protected] | 7.1 | 0.23% | 2026-01-29 | 2026-06-17 |
| CVE-2025-51497 | An issue was discovered in AdGuard plugin before 1.11.22 for Safari on MacOS. AdGaurd verbosely logged each url that Safari accessed when the plugin was active. These logs went into the MacOS general logs for any unsandboxed process to read. This may be disabled in version 1.11.22. | [email protected] | 5.5 | 0.08% | 2025-07-17 | 2026-06-17 |
| CVE-2023-41173 | AdGuard DNS before 2.2 allows remote attackers to cause a denial of service via malformed UDP packets. | [email protected] | 7.5 | 0.61% | 2023-08-25 | 2026-06-17 |
| CVE-2022-45770 | Improper input validation in adgnetworkwfpdrv.sys in Adguard For Windows x86 through 7.11 allows local privilege escalation. | [email protected] | 7.8 | 0.61% | 2023-01-26 | 2026-06-17 |
| CVE-2022-32175 | In AdGuardHome, versions v0.95 through v0.108.0-b.13 are vulnerable to Cross-Site Request Forgery (CSRF), in the custom filtering rules functionality. An attacker can persuade an authorized user to follow a malicious link, resulting in deleting/modifying the custom filtering rules. | [email protected] | 5.4 | 0.27% | 2022-10-11 | 2026-06-17 |
| CVE-2021-27935 | An issue was discovered in AdGuard before 0.105.2. An attacker able to get the user's cookie is able to bruteforce their password offline, because the hash of the password is stored in the cookie. | [email protected] | 7.5 | 4.12% | 2021-03-03 | 2026-06-16 |