CVE-2026-3179

UNKNOWN 0.0

A path traversal vulnerability was found in the FTP Backup on the ADM.

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

The FTP Backup on the ADM does not properly sanitize filenames received from the FTP server when parsing directory listings. A malicious server or MITM attacker can craft filenames containing path traversal sequences, causing the client to write files outside the intended backup directory. A path traversal vulnerability may allow an attacker to overwrite arbitrary files on the system and potentially achieve privilege escalation or remote code execution. Affected products and versions include: from ADM 4.1.0 through ADM 4.3.3.ROF1 as well as from ADM 5.0.0 through ADM 5.1.2.RE51.

CWE	CWE-22
Vendor	asustor
Product	adm
Published	Feb 25, 2026
Last Updated	Feb 25, 2026

Stay Ahead of the Next One

Get instant alerts for asustor adm

Be the first to know when new unknown vulnerabilities affecting asustor adm are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

ASUSTOR / ADM

4.1.0 ≤ 4.3.3.ROF1 5.0.0 ≤ 5.1.2.RE51

References

NVD ↗ CVE.org ↗ EPSS Data ↗

asustor.com: https://www.asustor.com/security/security_advisory_detail?id=53

Credits

Nuke