CVE-2026-32136 - Vulnerability Analysis
CriticalCVSS: 9.8Last Updated: March 12, 2026
AdGuard Home - Authentication Bypass
Overview
AdGuard Home < 0.107.73 contains an authentication bypass caused by improper handling of HTTP/2 cleartext (h2c) upgrade requests, letting unauthenticated remote attackers bypass authentication, exploit requires sending a crafted HTTP/1.1 upgrade request.
Severity & Score
Impact
Unauthenticated remote attackers can bypass all authentication, gaining full access to the system.
Mitigation
Update to version 0.107.73 or later.
Social Media Activity(3 posts)
š“ CVE-2026-32136 - Critical (9.8) AdGuard Home is a network-wide software for blocking ads and tracking. Prior to 0.107.73, an unauthenticated remote attacker can bypass all authentication in AdGuardHome by sending an HTTP/1.1 request that requests an upgrade to HTTP/2 cleartext (... š https://www.thehackerwire.com/vulnerability/CVE-2026-32136/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
View original post
š“ CVE-2026-32136 - Critical (9.8) AdGuard Home is a network-wide software for blocking ads and tracking. Prior to 0.107.73, an unauthenticated remote attacker can bypass all authentication in AdGuardHome by sending an HTTP/1.1 request that requests an upgrade to HTTP/2 cleartext (... š https://www.thehackerwire.com/vulnerability/CVE-2026-32136/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
View original post
CVE-2026-32136 (CRITICAL): AdGuard Home <0.107.73 allows remote auth bypass via HTTP/2 cleartext upgrade. Full admin access at risk. Upgrade now! š https://radar.offseq.com/threat/cve-2026-32136-cwe-287-improper-authentication-in--91bc9287 #OffSeq #AdGuardHome #Vulnerability #Infosec
View original postRelated Resources
Details
- CVE ID
- CVE-2026-32136
- Severity
- Critical
- CVSS Score
- 9.8
- Type
- broken_authentication
- Status
- unconfirmed
- EPSS
- 17.0%
- Social Posts
- 3
CWE
- CWE-287
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H