CVE-2026-6644

UNKNOWN 0.0

A command injection vulnerability was found in the PPTP VPN Clients on the ADM

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

A command injection vulnerability was found in the PPTP VPN Clients on the ADM. The vulnerability allows an administrative user to break out of the restricted web environment and execute arbitrary code on the underlying operating system. This occurs due to insufficient validation of user-supplied input before it is passed to a system shell. Successful exploitation allows an attacker to achieve Remote Code Execution (RCE) and fully compromise the system. Affected products and versions include: from ADM 4.1.0 through ADM 4.3.3.RR42 as well as from ADM 5.0.0 through ADM 5.1.2.REO1.

CWE	CWE-78
Vendor	asustor inc.
Product	adm
Published	Apr 20, 2026

Stay Ahead of the Next One

Get instant alerts for asustor inc. adm

Be the first to know when new unknown vulnerabilities affecting asustor inc. adm are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

ASUSTOR Inc. / ADM

4.1.0 ≤ 4.3.3.RR42 5.0.0 ≤ 5.1.2.REO1

References

NVD ↗ CVE.org ↗ EPSS Data ↗

https: https://https://www.asustor.com/security/security_advisory_detail?id=55

Credits

uky