Vulnerability Reportadguard/adguardhome:v0.107.70

adguard/adguardhome:v0.107.70

DIGESTsha256:33e2240c466b2bb1d4fe9d65fd86178160bf6ee8835cf7b50ab3a7c5e39571fe

Executive Summary

Threat ScoreCAUTION• High community trust (174M+ pulls, 1411 stars) but image has 50 exposed vulnerabilities, 11 of which are >=6.0 severity.• Top CVE-2025-68121 (severity 6.8) affects TLS certificate validation during session resumption, requiring non-default configuration.• Multiple denial-of-service CVEs in Go stdlib (e.g., CVE-2026-32280, CVE-2026-33814) could be triggered by network input.• No critical (>=7.0) vulnerabilities, but the volume of medium-severity issues increases attack surface.

50/100CAUTION

ReputationPOPULAR COMMUNITY• High Reputation Community Image (174M+ pulls)• Pinned by digest (Immutable)

RELIABLE

This image carries significant risk; production deployment is highly discouraged without strict compensating controls. Attackers could cause denial of service by sending crafted network requests exploiting multiple Go stdlib vulnerabilities (e.g., CVE-2026-32280, CVE-2026-33814), potentially disrupting the DNS/blocking service. Note that CVE-2025-68121 requires a non-default TLS configuration to be exploitable. While the image has high community trust, the volume of medium-severity CVEs warrants caution.

Vulnerabilities

Vulnerability Log

78 total

CVE ID	Adjusted Severity	Package	Exploit Probability	Risk Context
CVE-2025-68121	MEDIUM6.8	stdlib v1.25.5 fixed in 1.24.13, 1.25.7, 1.26.0-rc.3	0.8% Theoretical Threat	Directly ExposedContext importance: MEDIUM
CVE-2026-40898	MEDIUM6.38	github.com/quic-go/quic-go v0.57.0 fixed in 0.59.1	0.5% Theoretical Threat	Directly Exposed
CVE-2026-32280	MEDIUM6.38	stdlib v1.25.5 fixed in 1.25.9, 1.26.2	0.4% Theoretical Threat	Directly Exposed
CVE-2026-32281	MEDIUM6.38	stdlib v1.25.5 fixed in 1.25.9, 1.26.2	0.3% Theoretical Threat	Directly Exposed
CVE-2026-32283	MEDIUM6.38	stdlib v1.25.5 fixed in 1.25.9, 1.26.2	0.4% Theoretical Threat	Directly Exposed
CVE-2026-33811	MEDIUM6.38	stdlib v1.25.5 fixed in 1.25.10, 1.26.3	0.5% Theoretical Threat	Directly Exposed
CVE-2026-33814	MEDIUM6.38	stdlib v1.25.5 fixed in 1.25.10, 1.26.3	0.6% Theoretical Threat	Directly Exposed
CVE-2026-39820	MEDIUM6.38	stdlib v1.25.5 fixed in 1.25.10, 1.26.3	0.4% Theoretical Threat	Directly Exposed
CVE-2026-39836	MEDIUM6.38	stdlib v1.25.5 fixed in 1.25.10, 1.26.3	0.6% Theoretical Threat	Directly Exposed
CVE-2025-69419	MEDIUM6.29	libcrypto3 3.3.5-r0 fixed in 3.3.6-r0	0.4% Theoretical Threat	Directly Exposed
CVE-2025-69419	MEDIUM6.29	libssl3 3.3.5-r0 fixed in 3.3.6-r0	0.4% Theoretical Threat	Directly Exposed
CVE-2026-4878	MEDIUM5.95	libcap 2.71-r0 fixed in 2.78-r0	0.2% Theoretical Threat	Directly Exposed
CVE-2026-4878	MEDIUM5.95	libcap2 2.71-r0 fixed in 2.78-r0	0.2% Theoretical Threat	Directly Exposed
CVE-2026-32282	MEDIUM5.44	stdlib v1.25.5 fixed in 1.25.9, 1.26.2	0.3% Theoretical Threat	Directly Exposed
CVE-2026-32289	MEDIUM5.18	stdlib v1.25.5 fixed in 1.25.9, 1.26.2	0.3% Theoretical Threat	Directly Exposed
CVE-2025-61726	MEDIUM5.1	stdlib v1.25.5 fixed in 1.24.12, 1.25.6	0.8% Theoretical Threat	Directly ExposedContext importance: MEDIUM
CVE-2026-25679	MEDIUM5.1	stdlib v1.25.5 fixed in 1.25.8, 1.26.1	0.5% Theoretical Threat	Directly ExposedContext importance: MEDIUM
CVE-2026-31790	MEDIUM5.02	libcrypto3 3.3.5-r0 fixed in 3.3.7-r0	1.0% Theoretical Threat	Directly Exposed
CVE-2025-15468	MEDIUM5.02	libcrypto3 3.3.5-r0 fixed in 3.3.6-r0	0.7% Theoretical Threat	Directly Exposed
CVE-2025-66199	MEDIUM5.02	libcrypto3 3.3.5-r0 fixed in 3.3.6-r0	0.4% Theoretical Threat	Directly Exposed
CVE-2025-69420	MEDIUM5.02	libcrypto3 3.3.5-r0 fixed in 3.3.6-r0	0.8% Theoretical Threat	Directly Exposed
CVE-2026-22796	MEDIUM5.02	libcrypto3 3.3.5-r0 fixed in 3.3.6-r0	0.5% Theoretical Threat	Directly Exposed
CVE-2026-31790	MEDIUM5.02	libssl3 3.3.5-r0 fixed in 3.3.7-r0	1.0% Theoretical Threat	Directly Exposed
CVE-2025-15468	MEDIUM5.02	libssl3 3.3.5-r0 fixed in 3.3.6-r0	0.7% Theoretical Threat	Directly Exposed
CVE-2025-66199	MEDIUM5.02	libssl3 3.3.5-r0 fixed in 3.3.6-r0	0.4% Theoretical Threat	Directly Exposed
CVE-2025-69420	MEDIUM5.02	libssl3 3.3.5-r0 fixed in 3.3.6-r0	0.8% Theoretical Threat	Directly Exposed
CVE-2026-22796	MEDIUM5.02	libssl3 3.3.5-r0 fixed in 3.3.6-r0	0.5% Theoretical Threat	Directly Exposed
CVE-2026-22795	MEDIUM4.67	libcrypto3 3.3.5-r0 fixed in 3.3.6-r0	0.1% Theoretical Threat	Directly Exposed
CVE-2026-22795	MEDIUM4.67	libssl3 3.3.5-r0 fixed in 3.3.6-r0	0.1% Theoretical Threat	Directly Exposed
CVE-2026-6042	MEDIUM4.67	musl 1.2.5-r9 fixed in 1.2.5-r10	0.2% Theoretical Threat	Directly Exposed
CVE-2026-27171	MEDIUM4.67	zlib 1.3.1-r2 fixed in 1.3.2-r0	0.2% Theoretical Threat	Directly Exposed
CVE-2026-32288	MEDIUM4.67	stdlib v1.25.5 fixed in 1.25.9, 1.26.2	0.3% Theoretical Threat	Directly Exposed
CVE-2022-32175	MEDIUM4.59	github.com/AdguardTeam/AdGuardHome v0.107.70+dirty fixed in 0.108.0-b.16	0.3% Theoretical Threat	Directly Exposed
CVE-2026-27142	MEDIUM4.59	stdlib v1.25.5 fixed in 1.25.8, 1.26.1	0.3% Theoretical Threat	Directly Exposed
CVE-2026-39826	MEDIUM4.59	stdlib v1.25.5 fixed in 1.25.10, 1.26.3	0.4% Theoretical Threat	Directly Exposed
CVE-2025-61730	MEDIUM4.5	stdlib v1.25.5 fixed in 1.24.12, 1.25.6	0.3% Theoretical Threat	Directly Exposed
CVE-2026-42507	MEDIUM4.5	stdlib v1.25.5 fixed in 1.25.11, 1.26.4	0.3% Theoretical Threat	Directly Exposed
CVE-2025-15467	MEDIUM4.06	libcrypto3 3.3.5-r0 fixed in 3.3.6-r0	48.7% High Exploitation Risk	Post-Exploit
CVE-2025-15467	MEDIUM4.06	libssl3 3.3.5-r0 fixed in 3.3.6-r0	48.7% High Exploitation Risk	Post-Exploit
CVE-2025-68160	MEDIUM4	libcrypto3 3.3.5-r0 fixed in 3.3.6-r0	0.2% Theoretical Threat	Directly Exposed
CVE-2025-68160	MEDIUM4	libssl3 3.3.5-r0 fixed in 3.3.6-r0	0.2% Theoretical Threat	Directly Exposed
CVE-2026-40200	LOW3.98	musl-utils 1.2.5-r9 fixed in 1.2.5-r11	0.1% Theoretical Threat	Post-Exploit
CVE-2026-4878	LOW3.57	libcap-getcap 2.71-r0 fixed in 2.78-r0	0.2% Theoretical Threat	Post-Exploit
CVE-2026-4878	LOW3.57	libcap-setcap 2.71-r0 fixed in 2.78-r0	0.2% Theoretical Threat	Post-Exploit
CVE-2026-4878	LOW3.57	libcap-utils 2.71-r0 fixed in 2.78-r0	0.2% Theoretical Threat	Post-Exploit
CVE-2025-69418	LOW3.4	libcrypto3 3.3.5-r0 fixed in 3.3.6-r0	0.1% Theoretical Threat	Directly Exposed
CVE-2025-69418	LOW3.4	libssl3 3.3.5-r0 fixed in 3.3.6-r0	0.1% Theoretical Threat	Directly Exposed
CVE-2026-31789	LOW3	libcrypto3 3.3.5-r0 fixed in 3.3.7-r0	0.2% Theoretical Threat	Post-Exploit
CVE-2026-31789	LOW3	libssl3 3.3.5-r0 fixed in 3.3.7-r0	0.2% Theoretical Threat	Post-Exploit
CVE-2026-6042	LOW2.8	musl-utils 1.2.5-r9 fixed in 1.2.5-r10	0.2% Theoretical Threat	Post-Exploit
CVE-2026-28387	LOW2.48	libcrypto3 3.3.5-r0 fixed in 3.3.7-r0	0.6% Theoretical Threat	Post-Exploit
CVE-2026-28387	LOW2.48	libssl3 3.3.5-r0 fixed in 3.3.7-r0	0.6% Theoretical Threat	Post-Exploit
CVE-2026-40200	LOW2.39	musl 1.2.5-r9 fixed in 1.2.5-r11	0.1% Theoretical Threat	Post-Exploit
CVE-2026-22184	LOW2.39	zlib 1.3.1-r2 fixed in 1.3.2-r0	0.2% Theoretical Threat	Post-Exploit
CVE-2025-69421	LOW2.29	libcrypto3 3.3.5-r0 fixed in 3.3.6-r0	0.8% Theoretical Threat	Post-Exploit
CVE-2026-28388	LOW2.29	libcrypto3 3.3.5-r0 fixed in 3.3.7-r0	0.9% Theoretical Threat	Post-Exploit
CVE-2026-28389	LOW2.29	libcrypto3 3.3.5-r0 fixed in 3.3.7-r0	0.8% Theoretical Threat	Post-Exploit
CVE-2026-28390	LOW2.29	libcrypto3 3.3.5-r0 fixed in 3.3.7-r0	0.8% Theoretical Threat	Post-Exploit
CVE-2025-69421	LOW2.29	libssl3 3.3.5-r0 fixed in 3.3.6-r0	0.8% Theoretical Threat	Post-Exploit
CVE-2026-28388	LOW2.29	libssl3 3.3.5-r0 fixed in 3.3.7-r0	0.9% Theoretical Threat	Post-Exploit
CVE-2026-28389	LOW2.29	libssl3 3.3.5-r0 fixed in 3.3.7-r0	0.8% Theoretical Threat	Post-Exploit
CVE-2026-28390	LOW2.29	libssl3 3.3.5-r0 fixed in 3.3.7-r0	0.8% Theoretical Threat	Post-Exploit
CVE-2025-61728	LOW2.29	stdlib v1.25.5 fixed in 1.24.12, 1.25.6	0.6% Theoretical Threat	Post-Exploit
CVE-2026-27139	LOW2.12	stdlib v1.25.5 fixed in 1.25.8, 1.26.1	0.2% Theoretical Threat	Directly Exposed
CVE-2025-46394	LOW1.68	busybox 1.37.0-r13 fixed in 1.37.0-r14	0.1% Theoretical Threat	Post-Exploit
CVE-2025-46394	LOW1.68	busybox-binsh 1.37.0-r13 fixed in 1.37.0-r14	0.1% Theoretical Threat	Post-Exploit
CVE-2025-46394	LOW1.68	ssl_client 1.37.0-r13 fixed in 1.37.0-r14	0.1% Theoretical Threat	Post-Exploit
CVE-2024-58251	NONE0	busybox 1.37.0-r13 fixed in 1.37.0-r14	0.2% Theoretical Threat	Not Applicable
CVE-2024-58251	NONE0	busybox-binsh 1.37.0-r13 fixed in 1.37.0-r14	0.2% Theoretical Threat	Not Applicable
CVE-2024-58251	NONE0	ssl_client 1.37.0-r13 fixed in 1.37.0-r14	0.2% Theoretical Threat	Not Applicable
CVE-2026-32136	NONE0	github.com/AdguardTeam/AdGuardHome v0.107.70+dirty fixed in 0.107.73	0.7% Theoretical Threat	Not Applicable
CVE-2026-47703	NONE0	github.com/AdguardTeam/AdGuardHome v0.107.70+dirty fixed in 0.107.75	—	Not Applicable
CVE-2026-47703	NONE0	github.com/AdguardTeam/dnsproxy v0.78.1 fixed in 0.81.3	—	Not Applicable
CVE-2026-39823	NONE0	stdlib v1.25.5 fixed in 1.25.10, 1.26.3	0.3% Theoretical Threat	Not Applicable
CVE-2026-39825	NONE0	stdlib v1.25.5 fixed in 1.25.10, 1.26.3	0.4% Theoretical Threat	Not Applicable
CVE-2026-42499	NONE0	stdlib v1.25.5 fixed in 1.25.10, 1.26.3	0.6% Theoretical Threat	Not Applicable
CVE-2026-42504	NONE0	stdlib v1.25.5 fixed in 1.25.11, 1.26.4	0.4% Theoretical Threat	Not Applicable
CVE-2026-27145	NONE0	stdlib v1.25.5 fixed in 1.25.11, 1.26.4	0.3% Theoretical Threat	Not Applicable