CVE-2026-6644

CRITICAL

A command injection vulnerability was found in the PPTP VPN Clients on the ADM

Title source: cna

Exploitation Summary

EIP tracks 1 public exploit for CVE-2026-6644. PoCs published by uky007.

AI-analyzed exploit summary This repository provides a detailed technical analysis of CVE-2026-6644, an authenticated OS command injection vulnerability in ASUSTOR ADM's PPTP VPN Client. It includes a minimal local reproducer script and in-depth root cause analysis.

Description

A command injection vulnerability was found in the PPTP VPN Clients on the ADM. The vulnerability allows an administrative user to break out of the restricted web environment and execute arbitrary code on the underlying operating system. This occurs due to insufficient validation of user-supplied input before it is passed to a system shell. Successful exploitation allows an attacker to achieve Remote Code Execution (RCE) and fully compromise the system. Affected products and versions include: from ADM 4.1.0 through ADM 4.3.3.RR42 as well as from ADM 5.0.0 through ADM 5.1.2.REO1.

Exploits (1)

github WRITEUP

by uky007 · pythonpoc

https://github.com/uky007/CVE-2026-6644

View Code ZIP pw:eip

This repository provides a detailed technical analysis of CVE-2026-6644, an authenticated OS command injection vulnerability in ASUSTOR ADM's PPTP VPN Client. It includes a minimal local reproducer script and in-depth root cause analysis.

Classification

Writeup 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: ASUSTOR ADM 5.1.2.REO1

Auth required

Prerequisites: authenticated administrator access to ASUSTOR ADM

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter T1203 - Exploitation for Client Execution

devstral-2 · analyzed Apr 29, 2026 Full analysis →

References (2)

Core 2

Core References

Various Sources

https://uky007.github.io/CVE-2026-6644/

Vendor Advisory vendor-advisory

https://https://www.asustor.com/security/security_advisory_detail?id=55

Scores

CVSS v3 9.1

EPSS 0.0035

EPSS Percentile 58.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact total

Details

CWE

CWE-78

Status published

Products (3)

asustor/data_master 4.1.0.rhu2 - 4.3.3.RR42

ASUSTOR Inc./ADM 4.1.0 - 4.3.3.RR42

ASUSTOR Inc./ADM 5.0.0 - 5.1.2.REO1

Published Apr 20, 2026

Tracked Since Apr 20, 2026