Home / Vulnerability Intelligence / CVE-2026-3179

CVE-2026-3179 - Vulnerability Analysis

HighCVSS: 8.1

Last Updated: February 26, 2026

ASUSTOR ADM - Path Traversal

Published: February 25, 2026Updated: February 26, 2026Remote Exploitable

Overview

ASUSTOR ADM FTP Backup on Linux x86, ARM 64-bit from 4.1.0 through 4.3.3.ROF1 and 5.0.0 through 5.1.2.RE51 contains a path traversal vulnerability caused by improper limitation of a pathname to a restricted directory, letting attackers access unauthorized files, exploit requires network access.

Severity & Score

Severity: High

CVSS Score: 8.1

EPSS Score: 34.9%(Probability of exploitation in next 30 days)

Impact

Attackers can access unauthorized files outside intended directories, potentially exposing sensitive data.

Mitigation

Update to a version later than 5.1.2.RE51 or the latest available version.

References

https://www.asustor.com/security/security_advisory_detail?id=53

Social Media Activity(1 post)

TheHackerWire

@thehackerwire

Feb 26, 2026

🟠 CVE-2026-3179 - High (8.1) The FTP Backup on the ADM does not properly sanitize filenames received from the FTP server when parsing directory listings. A malicious server or MITM attacker can craft filenames containing path traversal sequences, causing the client to write f... 🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3179/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

View original post

Related Resources

Details

CVE ID: CVE-2026-3179
Severity: High
CVSS Score: 8.1
Type: path_traversal
Status: confirmed
EPSS: 34.9%
Social Posts: 1

CWE

CWE-22

CVSS Metrics

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Score

34.9%Probability of exploitation in the next 30 days