CVE-2026-3100

UNKNOWN 0.0

An improper certificate validation vulnerability was found in the FTP Backup on the ADM.

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

The FTP Backup on the ADM will not properly strictly enforce TLS certificate verification while connecting to an FTP server using FTPES/FTPS. An improper validated TLS/SSL certificates allows a remote attacker can intercept network traffic to perform a Man-in-the-Middle (MitM) attack, which may intercept, modify, or obtain sensitive information such as authentication credentials and backup data. Affected products and versions include: from ADM 4.1.0 through ADM 4.3.3.ROF1 as well as from ADM 5.0.0 through ADM 5.1.2.RE51.

CWE	CWE-295
Vendor	asustor
Product	adm
Published	Feb 25, 2026
Last Updated	Feb 27, 2026

Stay Ahead of the Next One

Get instant alerts for asustor adm

Be the first to know when new unknown vulnerabilities affecting asustor adm are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

ASUSTOR / ADM

4.1.0 ≤ 4.3.3.ROF1 5.0.0 ≤ 5.1.2.RE51

References

NVD ↗ CVE.org ↗ EPSS Data ↗

asustor.com: https://www.asustor.com/security/security_advisory_detail?id=53

Credits

Nuke