Adm · Adm · CVE-2026-6643
**Name of the Vulnerable Software and Affected Versions**
ADM versions 4.1.0 through 4.3.3.RR42
ADM versions 5.0.0 through 5.1.2.REO1
**Description**
A stack-based buffer overflow exists in the VPN Clients. The issue is caused by the use of unbounded sscanf() and the direct passing of user-controlled data to printf(). Because Position Independent Executable (PIE) and Stack Canary protections are absent, an authenticated remote attacker can execute arbitrary code as the web server user.
**Recommendations**
Update versions 4.1.0 through 4.3.3.RR42 to a version containing the fix.
Update versions 5.0.0 through 5.1.2.REO1 to a version containing the fix.