AdGuard Home v0.107.77 released on 02-06-2026

AdGuard Home v0.107.77 is out now. It fixes a critical authorization path traversal vulnerability in GLiNET mode (CVE-2026-41448), so users running AdGuard Home in GLiNET mode should upgrade promptly.
See the project’s GitHub repository for the full changelog and consult openapi/openapi.yaml for the new API parameter specification.
What’s in this release
- Fix for authorization path traversal in GLiNET mode (CVE-2026-41448), reported by @djnnvx
- Added new reason query parameter to GET /control/querylog for finer-grained filtering and semantics (see openapi/openapi.yaml)
- Deprecated response_status query parameter on GET /control/querylog in favour of the new reason parameter; clients should migrate
Upgrade notes
- Users running AdGuard Home in GLiNET mode should upgrade to v0.107.77 promptly to close the authorization/path traversal hole.
- The response_status parameter remains supported for compatibility but is deprecated and will be removed in a future release; update client integrations to use reason.
Share comments about your upgrade experience on the v0.107.77 milestone or by opening an issue on the project’s GitHub; contributions to testing, reports and translations are appreciated.


