PT-2026-21879 · Asustor · Asustor Adm
Published: 2026-02-25 · Updated: 2026-03-02 · CVE-2026-3179
CVSS v4.0: 9.2 (Critical)
Vector: AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions
ASUSTOR ADM versions 4.1.0 through 4.3.3.ROF1
ASUSTOR ADM versions 5.0.0 through 5.1.2.RE51
Description
A path traversal issue exists in the FTP Backup feature of ASUSTOR ADM. The software does not adequately sanitize filenames received from an FTP server when processing directory listings. This allows a malicious server or a man-in-the-middle attacker to create filenames with path traversal sequences, potentially enabling them to write files outside the intended backup directory. Successful exploitation of this issue could lead to arbitrary file overwrites, privilege escalation, or remote code execution.
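The class of check that is missing here, as an added example (not ASUSTOR's code; the vendor fix is not shown on this page): an FTP client that treats every name in a directory listing as untrusted before using it as a local path. The function names, the `subdir` parameter and the sample listing are hypothetical and constructed for illustration.

```python
from pathlib import Path

# Constructed sample: names as a hostile or tampered FTP server could return them.
SAMPLE_LISTING = [
    "report.pdf",
    "../../etc/cron.d/job",
    "/etc/passwd",
    "..",
    "sub\\..\\..\\x",
    "notes\x00.txt",
    "photo 2026.jpg",
]


def safe_backup_path(backup_root, listed_name, subdir=""):
    """Return the local path for one listed name, or None if it is unsafe."""
    # One listing entry is one directory member: it can never contain a
    # separator or NUL, and "." / ".." are never files to download.
    if listed_name in ("", ".", "..") or any(c in listed_name for c in "/\\\x00"):
        return None
    root = Path(backup_root).resolve()
    # subdir is the directory being mirrored; resolve it (following any
    # symlinks) and require that it is the backup root or lies below it.
    parent = (root / subdir).resolve()
    if parent != root and root not in parent.parents:
        return None
    dest = parent / listed_name
    # Do not write through a symlink already present in the backup tree.
    if dest.is_symlink():
        return None
    return dest


def plan_downloads(backup_root, listing):
    """Split a listing into (accepted local paths, rejected raw names)."""
    accepted, rejected = [], []
    for name in listing:
        dest = safe_backup_path(backup_root, name)
        if dest is None:
            rejected.append(name)
        else:
            accepted.append(dest)
    return accepted, rejected
```

Rejected names are worth logging with the server address: a traversal sequence in a listing indicates a hostile or tampered FTP session rather than a malformed file.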
Recommendations
Update ASUSTOR ADM to a version later than 5.1.2.RE51.
Update ASUSTOR ADM to a version later than 4.3.3.ROF1.
Fix
LPE
RCE
Path traversal
Affected Products
Asustor Adm