{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-32136", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-03-10T22:19:36.546Z", "datePublished": "2026-03-11T21:42:31.422Z", "dateUpdated": "2026-03-12T16:17:48.461Z"}, "containers": {"cna": {"title": "AdGuard Home: HTTP/2 Cleartext (h2c) Upgrade Authentication Bypass", "problemTypes": [{"descriptions": [{"cweId": "CWE-287", "lang": "en", "description": "CWE-287: Improper Authentication", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}}], "references": [{"name": "https://github.com/AdguardTeam/AdGuardHome/security/advisories/GHSA-5fg6-wrq4-w5gh", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/AdguardTeam/AdGuardHome/security/advisories/GHSA-5fg6-wrq4-w5gh"}], "affected": [{"vendor": "AdguardTeam", "product": "AdGuardHome", "versions": [{"version": "< 0.107.73", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-03-11T21:42:31.422Z"}, "descriptions": [{"lang": "en", "value": "AdGuard Home is a network-wide software for blocking ads and tracking. Prior to 0.107.73, an unauthenticated remote attacker can bypass all authentication in AdGuardHome by sending an HTTP/1.1 request that requests an upgrade to HTTP/2 cleartext (h2c). Once the upgrade is accepted, the resulting HTTP/2 connection is handled by the inner mux, which has no authentication middleware attached. All subsequent HTTP/2 requests on that connection are processed as fully authenticated, regardless of whether any credentials were provided. This vulnerability is fixed in 0.107.73."}], "source": {"advisory": "GHSA-5fg6-wrq4-w5gh", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-12T15:10:58.901342Z", "id": "CVE-2026-32136", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-12T16:17:48.461Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-32136", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-03-12T15:10:58.901342Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-12T15:11:05.153Z"}}], "cna": {"title": "AdGuard Home: HTTP/2 Cleartext (h2c) Upgrade Authentication Bypass", "source": {"advisory": "GHSA-5fg6-wrq4-w5gh", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "AdguardTeam", "product": "AdGuardHome", "versions": [{"status": "affected", "version": "< 0.107.73"}]}], "references": [{"url": "https://github.com/AdguardTeam/AdGuardHome/security/advisories/GHSA-5fg6-wrq4-w5gh", "name": "https://github.com/AdguardTeam/AdGuardHome/security/advisories/GHSA-5fg6-wrq4-w5gh", "tags": ["x_refsource_CONFIRM"]}], "descriptions": [{"lang": "en", "value": "AdGuard Home is a network-wide software for blocking ads and tracking. Prior to 0.107.73, an unauthenticated remote attacker can bypass all authentication in AdGuardHome by sending an HTTP/1.1 request that requests an upgrade to HTTP/2 cleartext (h2c). Once the upgrade is accepted, the resulting HTTP/2 connection is handled by the inner mux, which has no authentication middleware attached. All subsequent HTTP/2 requests on that connection are processed as fully authenticated, regardless of whether any credentials were provided. This vulnerability is fixed in 0.107.73."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-287", "description": "CWE-287: Improper Authentication"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-03-11T21:42:31.422Z"}}}, "cveMetadata": {"cveId": "CVE-2026-32136", "state": "PUBLISHED", "dateUpdated": "2026-03-12T16:17:48.461Z", "dateReserved": "2026-03-10T22:19:36.546Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-03-11T21:42:31.422Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:adguard:adguardhome:*:*:*:*:*:*:*:*", "matchCriteriaId": "045CAB9C-0942-408F-BEE0-0600E5922070", "versionEndExcluding": "0.107.73", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "AdGuard Home is a network-wide software for blocking ads and tracking. Prior to 0.107.73, an unauthenticated remote attacker can bypass all authentication in AdGuardHome by sending an HTTP/1.1 request that requests an upgrade to HTTP/2 cleartext (h2c). Once the upgrade is accepted, the resulting HTTP/2 connection is handled by the inner mux, which has no authentication middleware attached. All subsequent HTTP/2 requests on that connection are processed as fully authenticated, regardless of whether any credentials were provided. This vulnerability is fixed in 0.107.73."}, {"lang": "es", "value": "AdGuard Home es un software a nivel de red para bloquear anuncios y rastreo. Antes de la versi\u00f3n 0.107.73, un atacante remoto no autenticado puede eludir toda la autenticaci\u00f3n en AdGuardHome enviando una solicitud HTTP/1.1 que solicita una actualizaci\u00f3n a HTTP/2 en texto claro (h2c). Una vez que se acepta la actualizaci\u00f3n, la conexi\u00f3n HTTP/2 resultante es manejada por el multiplexor interno, que no tiene ning\u00fan middleware de autenticaci\u00f3n adjunto. Todas las solicitudes HTTP/2 posteriores en esa conexi\u00f3n se procesan como completamente autenticadas, independientemente de si se proporcionaron credenciales. Esta vulnerabilidad se corrige en la versi\u00f3n 0.107.73."}], "id": "CVE-2026-32136", "lastModified": "2026-03-13T20:19:00.987", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2026-03-11T22:16:33.423", "references": [{"source": "security-advisories@github.com", "tags": ["Exploit", "Vendor Advisory", "Mitigation"], "url": "https://github.com/AdguardTeam/AdGuardHome/security/advisories/GHSA-5fg6-wrq4-w5gh"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-287"}], "source": "security-advisories@github.com", "type": "Primary"}, {"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,0.107.73)"}}], "enrichment": {"confidence": 90.0, "confidence_source": "matching", "scores": [{"score": 90.0, "source": "matching"}]}, "original": {"product": "AdGuardHome", "source": "cna", "vendor": "AdguardTeam"}, "product": "adguardhome", "vendor": "adguard"}], "analysis": {"en": {"generated_at": "2026-03-17T17:04:23.271190+00:00", "value": {"mitigation_remediation": ["Upgrade AdGuard Home to version 0.107.73 or later."], "summary": {"action": "Immediate Patch", "impact": "Authentication Bypass"}, "threat_synthesis": {"affected_systems": "The vulnerability affects all installations of AdGuard Home running versions earlier than 0.107.73. The affected vendor is AdguardTeam:AdGuardHome, and the generic CPE identifier is cpe:2.3:a:adguard:adguardhome:*:*:*:*:*:*:*:.", "description_and_impact": "An unauthenticated remote attacker can bypass all authentication in AdGuard Home by sending an HTTP/1.1 request that requests an upgrade to HTTP/2 cleartext (h2c). Once the upgrade is accepted, the resulting HTTP/2 connection is handled by the inner multiplexer, which has no authentication middleware attached. All subsequent HTTP/2 requests on that connection are processed as fully authenticated, regardless of whether any credentials were provided. This flaw is identified as CWE\u2011287 and allows an attacker to gain full administrative control of the service.", "risk_and_exploitability": "The CVSS score of 9.8 classifies this as a critical vulnerability, while the EPSS score of less than 1% indicates a relatively low current exploitation probability. This flaw is not listed in the CISA KEV catalog. The likely attack vector is a remote, unauthenticated network attacker who can send a crafted HTTP/1.1 upgrade request to an internet\u2011facing AdGuard Home instance. Exploitation would give the attacker unrestricted administrative access to the service without any valid credentials."}}}}, "created": "2026-03-12T09:55:41.444976+00:00", "updated": "2026-03-20T15:36:50.004032+00:00", "vendors": ["adguard", "adguard$PRODUCT$adguardhome"]}