GCVE - cpe:2.3:a:adguard:adguardhome:*:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:adguard:adguardhome:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor	Adguard (`fed3167d-febd-5e13-9e55-b0502eea4cb1`)
Product	Adguardhome (`07ca3d84-e1d2-5be1-b4e1-76a9dab5b74b`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from purl2cpe mapping

PURL mappings

PURL	Source	Last updated
`pkg:docker/adguard/adguardhome`	purl2cpe	2026-06-01 10:16:34.113955
`pkg:github/adguardteam/adguardhome`	purl2cpe	2026-06-01 10:16:34.113958
`pkg:rpm/opensuse/adguardhome`	purl2cpe	2026-06-01 10:16:34.113961
`pkg:sourceforge/adguardhome.mirror`	purl2cpe	2026-06-01 10:16:34.113964

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2026-32136`	vulnerable	2026-06-03 15:20:42.000231	AdGuard Home: HTTP/2 Cleartext (h2c) Upgrade Authentication Bypass CRITICAL (9.8) AdGuard Home is a network-wide software for blocking ads and tracking. Prior to 0.107.73, an unauthenticated remote attacker can bypass all authentication in AdGuardHome by sending an HTTP/1.1 request that requests an upgrade to HTTP/2 cleartext (h2c). Once the upgrade is accepted, the resulting HTTP/2 connection is handled by the inner mux, which has no authentication middleware attached. All subsequent HTTP/2 requests on that connection are processed as fully authenticated, regardless of whether any credentials were provided. This vulnerability is fixed in 0.107.73. Published: 2026-03-11T21:42:31.422Z Updated: 2026-03-12T16:17:48.461Z Open on db.gcve.eu Reference links https://github.com/AdguardTeam/AdGuardHome/security/advisories/GHSA-5fg6-wrq4-w5gh	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2022-32175`	vulnerable	2026-06-03 14:47:20.858501	AdGuardHome - CSRF In AdGuardHome, versions v0.95 through v0.108.0-b.13 are vulnerable to Cross-Site Request Forgery (CSRF), in the custom filtering rules functionality. An attacker can persuade an authorized user to follow a malicious link, resulting in deleting/modifying the custom filtering rules. Published: 2022-10-11T14:20:11.178Z Updated: 2025-05-20T14:10:22.988Z Open on db.gcve.eu Reference links https://www.mend.io/vulnerability-database/CVE-2022-32175 https://github.com/AdguardTeam/AdGuardHome/blob/v0.108.0-b.13/internal/home/controlfiltering.go#L265	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.