Vulnerability Reportadguard/adguardhome:v0.107.72

adguard/adguardhome:v0.107.72

DIGESTsha256:4956b35b590286e5872fb4336d84a7862a2030c6efb4ca16442580c37d7ba32d

Executive Summary

Threat ScoreCAUTION• 9 exposed vulnerabilities with severity >= 6.0 (max 6.38), indicating multiple denial-of-service and cryptographic integrity risks.• Notable CVEs include CVE-2026-34183 (OpenSSL QUIC memory exhaustion) and CVE-2026-34182 (CMS message forgery).• Image is from a popular community publisher (AdGuard) with high trust score (90/100) and pinned by digest, reducing supply-chain risk.• No critical-severity vulnerabilities (none with severity >= 7.0) and no remote code execution or data exposure findings.

50/100CAUTION

ReputationPOPULAR COMMUNITY• High Reputation Community Image (174M+ pulls)• Pinned by digest (Immutable)

RELIABLE

This image carries significant risk; production deployment is highly discouraged without strict compensating controls. An attacker could exploit CVE-2026-34183 to cause denial of service via memory exhaustion, or leverage CVE-2026-34182 to forge CMS messages, potentially bypassing integrity checks. All identified vulnerabilities are in the exposed surface and have medium severity, primarily affecting availability or cryptographic integrity. Updating the base image components (openssl, Go standard library, quic-go) would remediate these issues. Disabling unnecessary features like QUIC or CMS can further reduce the attack surface.

Vulnerabilities

Vulnerability Log

80 total

CVE ID	Adjusted Severity	Package	Exploit Probability	Risk Context
CVE-2026-34183	MEDIUM6.38	libcrypto3 3.5.5-r0 fixed in 3.5.7-r0	0.5% Theoretical Threat	Directly Exposed
CVE-2026-34183	MEDIUM6.38	libssl3 3.5.5-r0 fixed in 3.5.7-r0	0.5% Theoretical Threat	Directly Exposed
CVE-2026-40898	MEDIUM6.38	github.com/quic-go/quic-go v0.59.0 fixed in 0.59.1	0.5% Theoretical Threat	Directly Exposed
CVE-2026-33811	MEDIUM6.38	stdlib v1.25.7 fixed in 1.25.10, 1.26.3	0.5% Theoretical Threat	Directly Exposed
CVE-2026-33814	MEDIUM6.38	stdlib v1.25.7 fixed in 1.25.10, 1.26.3	0.6% Theoretical Threat	Directly Exposed
CVE-2026-39820	MEDIUM6.38	stdlib v1.25.7 fixed in 1.25.10, 1.26.3	0.4% Theoretical Threat	Directly Exposed
CVE-2026-39836	MEDIUM6.38	stdlib v1.25.7 fixed in 1.25.10, 1.26.3	0.6% Theoretical Threat	Directly Exposed
CVE-2026-34182	MEDIUM6.29	libcrypto3 3.5.5-r0 fixed in 3.5.7-r0	0.2% Theoretical Threat	Directly Exposed
CVE-2026-34182	MEDIUM6.29	libssl3 3.5.5-r0 fixed in 3.5.7-r0	0.2% Theoretical Threat	Directly Exposed
CVE-2026-4878	MEDIUM5.95	libcap 2.77-r0 fixed in 2.78-r0	0.2% Theoretical Threat	Directly Exposed
CVE-2026-4878	MEDIUM5.95	libcap2 2.77-r0 fixed in 2.78-r0	0.2% Theoretical Threat	Directly Exposed
CVE-2026-2673	MEDIUM5.52	libcrypto3 3.5.5-r0 fixed in 3.5.6-r0	0.4% Theoretical Threat	Directly Exposed
CVE-2026-2673	MEDIUM5.52	libssl3 3.5.5-r0 fixed in 3.5.6-r0	0.4% Theoretical Threat	Directly Exposed
CVE-2026-32282	MEDIUM5.44	stdlib v1.25.7 fixed in 1.25.9, 1.26.2	0.3% Theoretical Threat	Directly Exposed
CVE-2026-34181	MEDIUM5.35	libcrypto3 3.5.5-r0 fixed in 3.5.7-r0	0.2% Theoretical Threat	Directly Exposed
CVE-2026-42768	MEDIUM5.35	libcrypto3 3.5.5-r0 fixed in 3.5.7-r0	0.4% Theoretical Threat	Directly Exposed
CVE-2026-34181	MEDIUM5.35	libssl3 3.5.5-r0 fixed in 3.5.7-r0	0.2% Theoretical Threat	Directly Exposed
CVE-2026-42768	MEDIUM5.35	libssl3 3.5.5-r0 fixed in 3.5.7-r0	0.4% Theoretical Threat	Directly Exposed
CVE-2026-32289	MEDIUM5.18	stdlib v1.25.7 fixed in 1.25.9, 1.26.2	0.3% Theoretical Threat	Directly Exposed
CVE-2026-25679	MEDIUM5.1	stdlib v1.25.7 fixed in 1.25.8, 1.26.1	0.5% Theoretical Threat	Directly ExposedContext importance: MEDIUM
CVE-2026-32280	MEDIUM5.1	stdlib v1.25.7 fixed in 1.25.9, 1.26.2	0.4% Theoretical Threat	Directly ExposedContext importance: MEDIUM
CVE-2026-32281	MEDIUM5.1	stdlib v1.25.7 fixed in 1.25.9, 1.26.2	0.3% Theoretical Threat	Directly ExposedContext importance: MEDIUM
CVE-2026-32283	MEDIUM5.1	stdlib v1.25.7 fixed in 1.25.9, 1.26.2	0.4% Theoretical Threat	Directly ExposedContext importance: MEDIUM
CVE-2026-31790	MEDIUM5.02	libcrypto3 3.5.5-r0 fixed in 3.5.6-r0	1.0% Theoretical Threat	Directly Exposed
CVE-2026-42764	MEDIUM5.02	libcrypto3 3.5.5-r0 fixed in 3.5.7-r0	0.7% Theoretical Threat	Directly Exposed
CVE-2026-42769	MEDIUM5.02	libcrypto3 3.5.5-r0 fixed in 3.5.7-r0	0.3% Theoretical Threat	Directly Exposed
CVE-2026-42770	MEDIUM5.02	libcrypto3 3.5.5-r0 fixed in 3.5.7-r0	0.2% Theoretical Threat	Directly Exposed
CVE-2026-9076	MEDIUM5.02	libcrypto3 3.5.5-r0 fixed in 3.5.7-r0	0.3% Theoretical Threat	Directly Exposed
CVE-2026-31790	MEDIUM5.02	libssl3 3.5.5-r0 fixed in 3.5.6-r0	1.0% Theoretical Threat	Directly Exposed
CVE-2026-42764	MEDIUM5.02	libssl3 3.5.5-r0 fixed in 3.5.7-r0	0.7% Theoretical Threat	Directly Exposed
CVE-2026-42769	MEDIUM5.02	libssl3 3.5.5-r0 fixed in 3.5.7-r0	0.3% Theoretical Threat	Directly Exposed
CVE-2026-42770	MEDIUM5.02	libssl3 3.5.5-r0 fixed in 3.5.7-r0	0.2% Theoretical Threat	Directly Exposed
CVE-2026-9076	MEDIUM5.02	libssl3 3.5.5-r0 fixed in 3.5.7-r0	0.3% Theoretical Threat	Directly Exposed
CVE-2026-31789	MEDIUM5	libcrypto3 3.5.5-r0 fixed in 3.5.6-r0	0.2% Theoretical Threat	Directly Exposed
CVE-2026-31789	MEDIUM5	libssl3 3.5.5-r0 fixed in 3.5.6-r0	0.2% Theoretical Threat	Directly Exposed
CVE-2026-7383	MEDIUM4.67	libcrypto3 3.5.5-r0 fixed in 3.5.7-r0	0.3% Theoretical Threat	Directly Exposed
CVE-2026-7383	MEDIUM4.67	libssl3 3.5.5-r0 fixed in 3.5.7-r0	0.3% Theoretical Threat	Directly Exposed
CVE-2026-6042	MEDIUM4.67	musl 1.2.5-r21 fixed in 1.2.5-r22	0.2% Theoretical Threat	Directly Exposed
CVE-2026-27171	MEDIUM4.67	zlib 1.3.1-r2 fixed in 1.3.2-r0	0.2% Theoretical Threat	Directly Exposed
CVE-2026-32288	MEDIUM4.67	stdlib v1.25.7 fixed in 1.25.9, 1.26.2	0.3% Theoretical Threat	Directly Exposed
CVE-2022-32175	MEDIUM4.59	github.com/AdguardTeam/AdGuardHome v0.107.72+dirty fixed in 0.108.0-b.16	0.3% Theoretical Threat	Directly Exposed
CVE-2026-27142	MEDIUM4.59	stdlib v1.25.7 fixed in 1.25.8, 1.26.1	0.3% Theoretical Threat	Directly Exposed
CVE-2026-39826	MEDIUM4.59	stdlib v1.25.7 fixed in 1.25.10, 1.26.3	0.4% Theoretical Threat	Directly Exposed
CVE-2026-42766	MEDIUM4.5	libcrypto3 3.5.5-r0 fixed in 3.5.7-r0	0.6% Theoretical Threat	Directly Exposed
CVE-2026-42767	MEDIUM4.5	libcrypto3 3.5.5-r0 fixed in 3.5.7-r0	0.3% Theoretical Threat	Directly Exposed
CVE-2026-42766	MEDIUM4.5	libssl3 3.5.5-r0 fixed in 3.5.7-r0	0.6% Theoretical Threat	Directly Exposed
CVE-2026-42767	MEDIUM4.5	libssl3 3.5.5-r0 fixed in 3.5.7-r0	0.3% Theoretical Threat	Directly Exposed
CVE-2026-42507	MEDIUM4.5	stdlib v1.25.7 fixed in 1.25.11, 1.26.4	0.3% Theoretical Threat	Directly Exposed
CVE-2026-34180	MEDIUM4.25	libcrypto3 3.5.5-r0 fixed in 3.5.7-r0	0.5% Theoretical Threat	Directly Exposed
CVE-2026-34180	MEDIUM4.25	libssl3 3.5.5-r0 fixed in 3.5.7-r0	0.5% Theoretical Threat	Directly Exposed
CVE-2026-40200	LOW3.98	musl-utils 1.2.5-r21 fixed in 1.2.5-r23	0.1% Theoretical Threat	Post-Exploit
CVE-2026-4878	LOW3.57	libcap-getcap 2.77-r0 fixed in 2.78-r0	0.2% Theoretical Threat	Post-Exploit
CVE-2026-4878	LOW3.57	libcap-setcap 2.77-r0 fixed in 2.78-r0	0.2% Theoretical Threat	Post-Exploit
CVE-2026-4878	LOW3.57	libcap-utils 2.77-r0 fixed in 2.78-r0	0.2% Theoretical Threat	Post-Exploit
CVE-2026-45446	LOW3.15	libcrypto3 3.5.5-r0 fixed in 3.5.7-r0	0.2% Theoretical Threat	Directly Exposed
CVE-2026-45446	LOW3.15	libssl3 3.5.5-r0 fixed in 3.5.7-r0	0.2% Theoretical Threat	Directly Exposed
CVE-2026-45447	LOW2.92	libcrypto3 3.5.5-r0 fixed in 3.5.7-r0	1.4% Low-Moderate Risk	Post-Exploit
CVE-2026-45447	LOW2.92	libssl3 3.5.5-r0 fixed in 3.5.7-r0	1.4% Low-Moderate Risk	Post-Exploit
CVE-2026-6042	LOW2.8	musl-utils 1.2.5-r21 fixed in 1.2.5-r22	0.2% Theoretical Threat	Post-Exploit
CVE-2026-45445	LOW2.78	libcrypto3 3.5.5-r0 fixed in 3.5.7-r0	0.3% Theoretical Threat	Post-Exploit
CVE-2026-45445	LOW2.78	libssl3 3.5.5-r0 fixed in 3.5.7-r0	0.3% Theoretical Threat	Post-Exploit
CVE-2026-28387	LOW2.48	libcrypto3 3.5.5-r0 fixed in 3.5.6-r0	0.6% Theoretical Threat	Post-Exploit
CVE-2026-28387	LOW2.48	libssl3 3.5.5-r0 fixed in 3.5.6-r0	0.6% Theoretical Threat	Post-Exploit
CVE-2026-40200	LOW2.39	musl 1.2.5-r21 fixed in 1.2.5-r23	0.1% Theoretical Threat	Post-Exploit
CVE-2026-22184	LOW2.39	zlib 1.3.1-r2 fixed in 1.3.2-r0	0.2% Theoretical Threat	Post-Exploit
CVE-2026-28388	LOW2.29	libcrypto3 3.5.5-r0 fixed in 3.5.6-r0	0.9% Theoretical Threat	Post-Exploit
CVE-2026-28389	LOW2.29	libcrypto3 3.5.5-r0 fixed in 3.5.6-r0	0.8% Theoretical Threat	Post-Exploit
CVE-2026-28390	LOW2.29	libcrypto3 3.5.5-r0 fixed in 3.5.6-r0	0.8% Theoretical Threat	Post-Exploit
CVE-2026-28388	LOW2.29	libssl3 3.5.5-r0 fixed in 3.5.6-r0	0.9% Theoretical Threat	Post-Exploit
CVE-2026-28389	LOW2.29	libssl3 3.5.5-r0 fixed in 3.5.6-r0	0.8% Theoretical Threat	Post-Exploit
CVE-2026-28390	LOW2.29	libssl3 3.5.5-r0 fixed in 3.5.6-r0	0.8% Theoretical Threat	Post-Exploit
CVE-2026-27139	LOW2.12	stdlib v1.25.7 fixed in 1.25.8, 1.26.1	0.2% Theoretical Threat	Directly Exposed
CVE-2026-32136	NONE0	github.com/AdguardTeam/AdGuardHome v0.107.72+dirty fixed in 0.107.73	0.7% Theoretical Threat	Not Applicable
CVE-2026-47703	NONE0	github.com/AdguardTeam/AdGuardHome v0.107.72+dirty fixed in 0.107.75	—	Not Applicable
CVE-2026-47703	NONE0	github.com/AdguardTeam/dnsproxy v0.78.2 fixed in 0.81.3	—	Not Applicable
CVE-2026-39823	NONE0	stdlib v1.25.7 fixed in 1.25.10, 1.26.3	0.3% Theoretical Threat	Not Applicable
CVE-2026-39825	NONE0	stdlib v1.25.7 fixed in 1.25.10, 1.26.3	0.4% Theoretical Threat	Not Applicable
CVE-2026-42499	NONE0	stdlib v1.25.7 fixed in 1.25.10, 1.26.3	0.6% Theoretical Threat	Not Applicable
CVE-2026-42504	NONE0	stdlib v1.25.7 fixed in 1.25.11, 1.26.4	0.4% Theoretical Threat	Not Applicable
CVE-2026-27145	NONE0	stdlib v1.25.7 fixed in 1.25.11, 1.26.4	0.3% Theoretical Threat	Not Applicable