AdGuard Home v0.107.77 released on 02-06-2026

AdGuard Home v0.107.77 is out now. It fixes a path traversal vulnerability in authorization when running in GLiNET mode (CVE-2026-41448), closing a route that could allow unauthorised access via crafted paths.
Users should upgrade promptly; developers and integrators should check the project’s GitHub for the full changelog and the updated OpenAPI schema (see openapi/openapi.yaml) for API details.
What’s in this release
- Security fix: authorization in GLiNET mode patched to remove a path traversal vulnerability (CVE-2026-41448).
- API change: new reason query parameter added to GET /control/querylog for finer filtering of query log entries.
- Deprecation: query parameter response_status in GET /control/querylog is now deprecated; migrate to the new reason parameter.
Upgrade notes
- Upgrade promptly to remove the risk of unauthorised access via crafted paths; the issue was reported by @djnnvx and has been patched in this release.
- Migrate any clients or scripts using response_status to the new reason parameter; consult openapi/openapi.yaml and the v0.107.77 GitHub milestone for examples and the full changelog.
Share any comments on your upgrade experience or problems you encounter on the project’s issue tracker or community channels — the team thanked contributors for rapid reporting and validation, and they welcome further feedback.


