CVE-2026-6643

UNKNOWN 0.0

A stack-based buffer overflow vulnerability in the VPN Clients on the ADM

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

A stack-based buffer overflow vulnerability was found in the VPN Clients on the ADM. The issue stems from the use of unbounded sscanf() and passing user-controlled data directly to printf(). Due to the lack of PIE and Stack Canary protections, an authenticated remote attacker can exploit these to execute arbitrary code as the web server user. Affected products and versions include: from ADM 4.1.0 through ADM 4.3.3.RR42 as well as from ADM 5.0.0 through ADM 5.1.2.REO1.

CWE	CWE-121
Vendor	asustor inc.
Product	adm
Published	Apr 20, 2026

Stay Ahead of the Next One

Get instant alerts for asustor inc. adm

Be the first to know when new unknown vulnerabilities affecting asustor inc. adm are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

ASUSTOR Inc. / ADM

4.1.0 ≤ 4.3.3.RR42 5.0.0 ≤ 5.1.2.REO1

References

NVD ↗ CVE.org ↗ EPSS Data ↗

asustor.com: https://www.asustor.com/security/security_advisory_detail?id=54

Credits

YU-XIANG HUANG (mlgzackfly)