AdGuardHome

v0.107.75 Security

This release includes 1 security fix for security teams reviewing exposed deployments.

Published 15d Privacy & Ad-blocking

View tool

✓ No known CVEs patched

Read the diff → Tool health → What is this tool? →

This release patches 1 known CVE

Topics

adblock adguard dns dns-over-https dns-over-quic dns-over-tls

+3 more

dnscrypt go privacy

Affected surfaces

deps breaking_upgrade

Summary

AI summary

Critical vulnerability in DNS-over-QUIC and DNS-over-HTTPS fixed (GHSA-xgx4-4h9w-53pv).

Changes in this release

Type	Severity	Summary	CVE
Security	Medium	Request IDs for DoH and DoQ forwarded to plain-DNS upstreams now set to non-zero values. Request IDs for DoH and DoQ forwarded to plain-DNS upstreams now set to non-zero values. Source: granite4.1:8b-q6_K@2026-05-19 Confidence: high	—
Security	Medium	Fixed critical vulnerability in DNS-over-QUIC and DNS-over-HTTPS affecting DNS privacy. Fixed critical vulnerability in DNS-over-QUIC and DNS-over-HTTPS affecting DNS privacy. Source: granite4.1:8b-q6_K@2026-05-19 Confidence: low	—
Feature	Medium	`enable_dnssec` configuration now controls DO flag setting for upstream DNS requests. `enable_dnssec` configuration now controls DO flag setting for upstream DNS requests. Source: granite4.1:8b-q6_K@2026-05-19 Confidence: low	—
Dependency	Medium	Updated Go version to 1.26.3, removing known vulnerabilities in its libraries. Updated Go version to 1.26.3, removing known vulnerabilities in its libraries. Source: granite4.1:8b-q6_K@2026-05-19 Confidence: high	—
Bugfix
Bugfix	Medium	Resolved statistics database deadlock issue (#8359). Resolved statistics database deadlock issue (#8359). Source: granite4.1:8b-q6_K@2026-05-19 Confidence: high	—
Bugfix	Medium	Translated labels on DNS settings pages update correctly after UI language change. Translated labels on DNS settings pages update correctly after UI language change. Source: granite4.1:8b-q6_K@2026-05-19 Confidence: low	—
Bugfix	Medium	Dashboard charts display lower query counts accurately (#6823). Dashboard charts display lower query counts accurately (#6823). Source: granite4.1:8b-q6_K@2026-05-19 Confidence: low	—
Bugfix	Medium	Removed redundant DHCP validation warnings when DHCP is disabled (#8348). Removed redundant DHCP validation warnings when DHCP is disabled (#8348). Source: granite4.1:8b-q6_K@2026-05-19 Confidence: low	—
Bugfix	Medium	Safe Browsing and Parental Control labels update after UI language change. Safe Browsing and Parental Control labels update after UI language change. Source: granite4.1:8b-q6_K@2026-05-19 Confidence: low	—

Full changelog

This update gives AdGuard Home a solid security upgrade — think of it as tightening the locks and double-checking the doors.

We’ve fixed a critical vulnerability affecting DNS-over-QUIC and DNS-over-HTTPS that could put your DNS privacy at risk. The gap is now closed, and your encrypted traffic is back to traveling through a properly armored tunnel.

We also updated Go to the latest version, sweeping out known vulnerabilities in its libraries.

Acknowledgments

A special thanks to @N0zoM1z0 for reporting the vulnerability, our community moderators team and to everyone who filed and inspected issues, added translations, and helped us test this release!

Full changelog

See also the v0.107.75 GitHub milestone.

Security

Go version has been updated to prevent the possibility of exploiting the Go vulnerabilities fixed in 1.26.3.
IDs of requests received over DoH and DoQ and forwarded to plain-DNS upstreams are now set to non-zero values to improve security.

This is GHSA-xgx4-4h9w-53pv. We thank @N0zoM1z0 for reporting this security issue.

Changed

Frontend API requests no longer depend on axios.
Dashboard charts use Recharts instead of Nivo.
enable_dnssec in dns configuration now defines whether the proxy should set the DO flag in the upstream requests, the default is true (#7046).

Fixed

Statistics database deadlock (#8359).
Translated labels on the DNS settings pages not updating after changing the UI language.
Dashboard charts now correctly display lower query counts (#6823).
Redundant validation warnings about DHCP when it's disabled (#8348).
Safe Browsing and Parental Control labels on the General Settings page not updating after changing the UI language.

Security Fixes

GHSA-xgx4-4h9w-53pv — fixed critical vulnerability affecting DNS-over-QUIC and DNS-over-HTTPS, updating Go to version 1.26.3 to prevent related library exploits

View diff on GitHub

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

Share this release

Share on X Share on Bluesky

Track AdGuardHome

Get notified when new releases ship.

About AdGuardHome

Network-wide ads & trackers blocking DNS server

All releases →

AdGuardHome

Summary

Changes in this release

Acknowledgments

Full changelog

Security

Changed

Fixed

Security Fixes

Related context

Related tools