PT-2026-33722 · Adm · Adm

Yu-Xiang Huang · Published 2026-04-20 · Updated 2026-04-20 · CVE-2026-6643

CVSS v3.1: 9.9 (Critical)

Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

ADM versions 4.1.0 through 4.3.3.RR42
ADM versions 5.0.0 through 5.1.2.REO1

Description

A stack-based buffer overflow exists in the VPN Clients. The issue is caused by the use of unbounded sscanf() and the direct passing of user-controlled data to printf(). Because Position Independent Executable (PIE) and Stack Canary protections are absent, an authenticated remote attacker can execute arbitrary code as the web server user.

Recommendations

Update versions 4.1.0 through 4.3.3.RR42 to a version containing the fix.
Update versions 5.0.0 through 5.1.2.REO1 to a version containing the fix.
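
The description names two coding defects: sscanf() without field widths and user-controlled data used as the printf() format. The C example below is added here for illustration and is not ADM's code or part of the advisory; it shows the unsafe pattern in a comment and a hardened parser beside it. The `name=... host=...` input format, the struct, the buffer sizes and the function names are assumptions.

```c
#include <stdio.h>
#include <string.h>
#define NAME_W 31               /* hypothetical field limits */
#define HOST_W 63
#define STR2(x) #x
#define STR(x) STR2(x)

struct vpn_profile {
    char name[NAME_W + 1];
    char host[HOST_W + 1];
};

/* Unsafe pattern named in the description, for contrast only:
 *     char name[32];
 *     sscanf(line, "name=%s", name);  // no width: copies until whitespace
 *     printf(name);                   // input is used as the format string
 */

/* Parse "name=<token> host=<token>". Returns 0 on success, -1 if the
 * line is malformed or a token does not fit its buffer. */
int parse_profile(const char *line, struct vpn_profile *out)
{
    int consumed = 0;
    memset(out, 0, sizeof *out);
    /* The widths cap each write at sizeof(buffer) - 1; %n records where
     * parsing stopped so over-long or trailing input is rejected. */
    if (sscanf(line, "name=%" STR(NAME_W) "[^ \t\n] host=%" STR(HOST_W) "[^ \t\n]%n",
               out->name, out->host, &consumed) != 2)
        return -1;
    return line[consumed] == '\0' ? 0 : -1;
}

/* Constant format string: parsed data is only ever an argument. */
int format_status(char *dst, size_t len, const struct vpn_profile *p)
{
    return snprintf(dst, len, "profile %s -> %s", p->name, p->host);
}

int main(void)
{
    struct vpn_profile p;
    char msg[128];
    /* Constructed sample line, not taken from the product. */
    if (parse_profile("name=%s%s host=vpn.example.test", &p) != 0)
        return 1;
    format_status(msg, sizeof msg, &p);
    puts(msg);
    return 0;
}
```

Rejecting over-long tokens rather than silently truncating them keeps a partial value from being treated as a valid profile.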

Fix

Stack Overflow


Weakness Enumeration

Related Identifiers

CVE-2026-6643

Affected Products

Adm