Main Vulnerability Database Exploits ID:12686 - Exploit for Improper Authentication in AdGuard Home - CVE-2026-32136

ID:12686 - Exploit for Improper Authentication in AdGuard Home - CVE-2026-32136

Published: April 30, 2026

Vulnerability identifier: #VU127584

Vulnerability risk: High

CVE-ID: CVE-2026-32136

CWE-ID: CWE-287

Exploitation vector: Remote access

Vulnerable software:
AdGuard Home

Link to public exploit:

https://github.com/0xdak/CVE-2026-32136_exploit

Vulnerability description

The vulnerability allows a remote attacker to bypass authentication and gain administrative access.

The vulnerability exists due to improper authentication in internal/home/web.go when processing an HTTP/1.1 request that upgrades to HTTP/2 cleartext (h2c). A remote attacker can send a specially crafted upgrade request to bypass authentication and gain administrative access.

HTTP/2 over TLS is not affected.

Remediation

Install security update from vendor's website.

ID:12686 - Exploit for Improper Authentication in AdGuard Home - CVE-2026-32136

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human