Vulnerability Reportadguard/adguardhome:v0.107.71

adguard/adguardhome:v0.107.71

DIGESTsha256:92929135ced2554aaf94706f766a98ad348f211df61b0704e2db7e8498cc00b7

Executive Summary

Threat ScoreCAUTION• 52 vulnerabilities exposed to network, 13 with CVSS >=6.0, maximum CVSS 6.8 (CVE-2025-68121).• Multiple denial-of-service vulnerabilities in crypto/tls, net/url, and quic-go (CVE-2025-61726, CVE-2026-25679) can be triggered remotely.• Image is from a popular community publisher (AdGuard) with high reputation (174M+ pulls) and pinned by digest, but not officially verified.• No critical severity vulnerabilities (none >=7.0); all exposures are Medium severity DoS, no RCE or auth bypass.

50/100CAUTION

ReputationPOPULAR COMMUNITY• High Reputation Community Image (174M+ pulls)• Pinned by digest (Immutable)

RELIABLE

This image carries significant risk; production deployment is highly discouraged without strict compensating controls. An attacker could exploit multiple denial-of-service vulnerabilities (e.g., CVE-2025-61726, CVE-2026-25679) to crash the web interface or DNS-over-HTTPS service. Note that CVE-2025-68121 requires a non-default TLS configuration to be exploitable. All vulnerabilities are medium severity and do not allow code execution or data exfiltration.

Vulnerabilities

Vulnerability Log

78 total

CVE ID	Adjusted Severity	Package	Exploit Probability	Risk Context
CVE-2025-68121	MEDIUM6.8	stdlib v1.25.5 fixed in 1.24.13, 1.25.7, 1.26.0-rc.3	0.8% Theoretical Threat	Directly ExposedContext importance: MEDIUM
CVE-2026-40898	MEDIUM6.38	github.com/quic-go/quic-go v0.57.0 fixed in 0.59.1	0.5% Theoretical Threat	Directly Exposed
CVE-2025-61726	MEDIUM6.38	stdlib v1.25.5 fixed in 1.24.12, 1.25.6	0.8% Theoretical Threat	Directly ExposedContext importance: HIGH
CVE-2026-25679	MEDIUM6.38	stdlib v1.25.5 fixed in 1.25.8, 1.26.1	0.5% Theoretical Threat	Directly ExposedContext importance: HIGH
CVE-2026-32280	MEDIUM6.38	stdlib v1.25.5 fixed in 1.25.9, 1.26.2	0.4% Theoretical Threat	Directly Exposed
CVE-2026-32281	MEDIUM6.38	stdlib v1.25.5 fixed in 1.25.9, 1.26.2	0.3% Theoretical Threat	Directly Exposed
CVE-2026-32283	MEDIUM6.38	stdlib v1.25.5 fixed in 1.25.9, 1.26.2	0.4% Theoretical Threat	Directly Exposed
CVE-2026-33811	MEDIUM6.38	stdlib v1.25.5 fixed in 1.25.10, 1.26.3	0.5% Theoretical Threat	Directly Exposed
CVE-2026-33814	MEDIUM6.38	stdlib v1.25.5 fixed in 1.25.10, 1.26.3	0.6% Theoretical Threat	Directly Exposed
CVE-2026-39820	MEDIUM6.38	stdlib v1.25.5 fixed in 1.25.10, 1.26.3	0.4% Theoretical Threat	Directly Exposed
CVE-2026-39836	MEDIUM6.38	stdlib v1.25.5 fixed in 1.25.10, 1.26.3	0.6% Theoretical Threat	Directly Exposed
CVE-2025-69419	MEDIUM6.29	libcrypto3 3.3.5-r0 fixed in 3.3.6-r0	0.4% Theoretical Threat	Directly Exposed
CVE-2025-69419	MEDIUM6.29	libssl3 3.3.5-r0 fixed in 3.3.6-r0	0.4% Theoretical Threat	Directly Exposed
CVE-2026-4878	MEDIUM5.95	libcap 2.71-r0 fixed in 2.78-r0	0.2% Theoretical Threat	Directly Exposed
CVE-2026-4878	MEDIUM5.95	libcap2 2.71-r0 fixed in 2.78-r0	0.2% Theoretical Threat	Directly Exposed
CVE-2026-28387	MEDIUM5.5	libcrypto3 3.3.5-r0 fixed in 3.3.7-r0	0.6% Theoretical Threat	Directly ExposedContext importance: MEDIUM
CVE-2026-28387	MEDIUM5.5	libssl3 3.3.5-r0 fixed in 3.3.7-r0	0.6% Theoretical Threat	Directly ExposedContext importance: MEDIUM
CVE-2026-32282	MEDIUM5.44	stdlib v1.25.5 fixed in 1.25.9, 1.26.2	0.3% Theoretical Threat	Directly Exposed
CVE-2026-32289	MEDIUM5.18	stdlib v1.25.5 fixed in 1.25.9, 1.26.2	0.3% Theoretical Threat	Directly Exposed
CVE-2026-31790	MEDIUM5.02	libcrypto3 3.3.5-r0 fixed in 3.3.7-r0	1.0% Theoretical Threat	Directly Exposed
CVE-2025-15468	MEDIUM5.02	libcrypto3 3.3.5-r0 fixed in 3.3.6-r0	0.7% Theoretical Threat	Directly Exposed
CVE-2025-66199	MEDIUM5.02	libcrypto3 3.3.5-r0 fixed in 3.3.6-r0	0.4% Theoretical Threat	Directly Exposed
CVE-2025-69420	MEDIUM5.02	libcrypto3 3.3.5-r0 fixed in 3.3.6-r0	0.8% Theoretical Threat	Directly Exposed
CVE-2026-22796	MEDIUM5.02	libcrypto3 3.3.5-r0 fixed in 3.3.6-r0	0.5% Theoretical Threat	Directly Exposed
CVE-2026-31790	MEDIUM5.02	libssl3 3.3.5-r0 fixed in 3.3.7-r0	1.0% Theoretical Threat	Directly Exposed
CVE-2025-15468	MEDIUM5.02	libssl3 3.3.5-r0 fixed in 3.3.6-r0	0.7% Theoretical Threat	Directly Exposed
CVE-2025-66199	MEDIUM5.02	libssl3 3.3.5-r0 fixed in 3.3.6-r0	0.4% Theoretical Threat	Directly Exposed
CVE-2025-69420	MEDIUM5.02	libssl3 3.3.5-r0 fixed in 3.3.6-r0	0.8% Theoretical Threat	Directly Exposed
CVE-2026-22796	MEDIUM5.02	libssl3 3.3.5-r0 fixed in 3.3.6-r0	0.5% Theoretical Threat	Directly Exposed
CVE-2026-22795	MEDIUM4.67	libcrypto3 3.3.5-r0 fixed in 3.3.6-r0	0.1% Theoretical Threat	Directly Exposed
CVE-2026-22795	MEDIUM4.67	libssl3 3.3.5-r0 fixed in 3.3.6-r0	0.1% Theoretical Threat	Directly Exposed
CVE-2026-6042	MEDIUM4.67	musl 1.2.5-r9 fixed in 1.2.5-r10	0.2% Theoretical Threat	Directly Exposed
CVE-2026-27171	MEDIUM4.67	zlib 1.3.1-r2 fixed in 1.3.2-r0	0.2% Theoretical Threat	Directly Exposed
CVE-2026-32288	MEDIUM4.67	stdlib v1.25.5 fixed in 1.25.9, 1.26.2	0.3% Theoretical Threat	Directly Exposed
CVE-2022-32175	MEDIUM4.59	github.com/AdguardTeam/AdGuardHome v0.107.71+dirty fixed in 0.108.0-b.16	0.3% Theoretical Threat	Directly Exposed
CVE-2026-27142	MEDIUM4.59	stdlib v1.25.5 fixed in 1.25.8, 1.26.1	0.3% Theoretical Threat	Directly Exposed
CVE-2026-39826	MEDIUM4.59	stdlib v1.25.5 fixed in 1.25.10, 1.26.3	0.4% Theoretical Threat	Directly Exposed
CVE-2025-61730	MEDIUM4.5	stdlib v1.25.5 fixed in 1.24.12, 1.25.6	0.3% Theoretical Threat	Directly Exposed
CVE-2026-42507	MEDIUM4.5	stdlib v1.25.5 fixed in 1.25.11, 1.26.4	0.3% Theoretical Threat	Directly Exposed
CVE-2025-15467	MEDIUM4.06	libcrypto3 3.3.5-r0 fixed in 3.3.6-r0	48.7% High Exploitation Risk	Post-Exploit
CVE-2025-15467	MEDIUM4.06	libssl3 3.3.5-r0 fixed in 3.3.6-r0	48.7% High Exploitation Risk	Post-Exploit
CVE-2025-68160	MEDIUM4	libcrypto3 3.3.5-r0 fixed in 3.3.6-r0	0.2% Theoretical Threat	Directly Exposed
CVE-2025-68160	MEDIUM4	libssl3 3.3.5-r0 fixed in 3.3.6-r0	0.2% Theoretical Threat	Directly Exposed
CVE-2026-4878	LOW3.57	libcap-getcap 2.71-r0 fixed in 2.78-r0	0.2% Theoretical Threat	Post-Exploit
CVE-2026-4878	LOW3.57	libcap-setcap 2.71-r0 fixed in 2.78-r0	0.2% Theoretical Threat	Post-Exploit
CVE-2026-4878	LOW3.57	libcap-utils 2.71-r0 fixed in 2.78-r0	0.2% Theoretical Threat	Post-Exploit
CVE-2025-69418	LOW3.4	libcrypto3 3.3.5-r0 fixed in 3.3.6-r0	0.1% Theoretical Threat	Directly Exposed
CVE-2025-69418	LOW3.4	libssl3 3.3.5-r0 fixed in 3.3.6-r0	0.1% Theoretical Threat	Directly Exposed
CVE-2026-31789	LOW3	libcrypto3 3.3.5-r0 fixed in 3.3.7-r0	0.2% Theoretical Threat	Post-Exploit
CVE-2026-31789	LOW3	libssl3 3.3.5-r0 fixed in 3.3.7-r0	0.2% Theoretical Threat	Post-Exploit
CVE-2026-40200	LOW2.39	musl 1.2.5-r9 fixed in 1.2.5-r11	0.1% Theoretical Threat	Post-Exploit
CVE-2026-22184	LOW2.39	zlib 1.3.1-r2 fixed in 1.3.2-r0	0.2% Theoretical Threat	Post-Exploit
CVE-2025-69421	LOW2.29	libcrypto3 3.3.5-r0 fixed in 3.3.6-r0	0.8% Theoretical Threat	Post-Exploit
CVE-2026-28388	LOW2.29	libcrypto3 3.3.5-r0 fixed in 3.3.7-r0	0.9% Theoretical Threat	Post-Exploit
CVE-2026-28389	LOW2.29	libcrypto3 3.3.5-r0 fixed in 3.3.7-r0	0.8% Theoretical Threat	Post-Exploit
CVE-2026-28390	LOW2.29	libcrypto3 3.3.5-r0 fixed in 3.3.7-r0	0.8% Theoretical Threat	Post-Exploit
CVE-2025-69421	LOW2.29	libssl3 3.3.5-r0 fixed in 3.3.6-r0	0.8% Theoretical Threat	Post-Exploit
CVE-2026-28388	LOW2.29	libssl3 3.3.5-r0 fixed in 3.3.7-r0	0.9% Theoretical Threat	Post-Exploit
CVE-2026-28389	LOW2.29	libssl3 3.3.5-r0 fixed in 3.3.7-r0	0.8% Theoretical Threat	Post-Exploit
CVE-2026-28390	LOW2.29	libssl3 3.3.5-r0 fixed in 3.3.7-r0	0.8% Theoretical Threat	Post-Exploit
CVE-2025-61728	LOW2.29	stdlib v1.25.5 fixed in 1.24.12, 1.25.6	0.6% Theoretical Threat	Post-Exploit
CVE-2026-27139	LOW2.12	stdlib v1.25.5 fixed in 1.25.8, 1.26.1	0.2% Theoretical Threat	Directly Exposed
CVE-2025-46394	LOW1.68	busybox 1.37.0-r13 fixed in 1.37.0-r14	0.1% Theoretical Threat	Post-Exploit
CVE-2025-46394	LOW1.68	busybox-binsh 1.37.0-r13 fixed in 1.37.0-r14	0.1% Theoretical Threat	Post-Exploit
CVE-2025-46394	LOW1.68	ssl_client 1.37.0-r13 fixed in 1.37.0-r14	0.1% Theoretical Threat	Post-Exploit
CVE-2026-40200	NONE0	musl-utils 1.2.5-r9 fixed in 1.2.5-r11	0.1% Theoretical Threat	Not Applicable
CVE-2026-6042	NONE0	musl-utils 1.2.5-r9 fixed in 1.2.5-r10	0.2% Theoretical Threat	Not Applicable
CVE-2024-58251	NONE0	busybox 1.37.0-r13 fixed in 1.37.0-r14	0.2% Theoretical Threat	Not Applicable
CVE-2024-58251	NONE0	busybox-binsh 1.37.0-r13 fixed in 1.37.0-r14	0.2% Theoretical Threat	Not Applicable
CVE-2024-58251	NONE0	ssl_client 1.37.0-r13 fixed in 1.37.0-r14	0.2% Theoretical Threat	Not Applicable
CVE-2026-32136	NONE0	github.com/AdguardTeam/AdGuardHome v0.107.71+dirty fixed in 0.107.73	0.7% Theoretical Threat	Not Applicable
CVE-2026-47703	NONE0	github.com/AdguardTeam/AdGuardHome v0.107.71+dirty fixed in 0.107.75	—	Not Applicable
CVE-2026-47703	NONE0	github.com/AdguardTeam/dnsproxy v0.78.2 fixed in 0.81.3	—	Not Applicable
CVE-2026-39823	NONE0	stdlib v1.25.5 fixed in 1.25.10, 1.26.3	0.3% Theoretical Threat	Not Applicable
CVE-2026-39825	NONE0	stdlib v1.25.5 fixed in 1.25.10, 1.26.3	0.4% Theoretical Threat	Not Applicable
CVE-2026-42499	NONE0	stdlib v1.25.5 fixed in 1.25.10, 1.26.3	0.6% Theoretical Threat	Not Applicable
CVE-2026-42504	NONE0	stdlib v1.25.5 fixed in 1.25.11, 1.26.4	0.4% Theoretical Threat	Not Applicable
CVE-2026-27145	NONE0	stdlib v1.25.5 fixed in 1.25.11, 1.26.4	0.3% Theoretical Threat	Not Applicable