Home / Vulnerability Intelligence / CVE-2026-32136

CVE-2026-32136 - Vulnerability Analysis

CriticalCVSS: 9.8

Last Updated: March 12, 2026

AdGuard Home - Authentication Bypass

Published: March 11, 2026Updated: March 12, 2026Remote Exploitable

Overview

AdGuard Home < 0.107.73 contains an authentication bypass caused by improper handling of HTTP/2 cleartext (h2c) upgrade requests, letting unauthenticated remote attackers bypass authentication, exploit requires sending a crafted HTTP/1.1 upgrade request.

Severity & Score

Severity: Critical

CVSS Score: 9.8

EPSS Score: 78.9%(Probability of exploitation in next 30 days)

Impact

Unauthenticated remote attackers can bypass all authentication, gaining full access to the system.

Mitigation

Update to version 0.107.73 or later.

References

https://github.com/AdguardTeam/AdGuardHome/security/advisories/GHSA-5fg6-wrq4-w5gh

Social Media Activity(1 post)

benzogaga33 :verified:

@benzogaga33

Mar 18, 2026

Votre AdGuard Home est vulnérable à une compromission totale : CVE-2026-32136 https://www.it-connect.fr/votre-adguard-home-est-vulnerable-a-une-compromission-totale-cve-2026-32136/ #ActuCybersécurité #Cybersécurité #Vulnérabilité

View original post

Related Resources

Details

CVE ID: CVE-2026-32136
Severity: Critical
CVSS Score: 9.8
Type: broken_authentication
Status: unconfirmed
EPSS: 78.9%
Social Posts: 1

CWE

CWE-287

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Score

78.9%Probability of exploitation in the next 30 days