AS-2026-004: FTP Backup Date: 2026-02-25 Severity: Important Status: Ongoing Statement Multiple vulnerabilities have been reported in FTP Backup to affect ADM: - An improper certificate validation vulnerability was found in the FTP Backup on the ADM. - A path traversal vulnerability was found in the FTP Backup on the ADM. Affected products and versions include: from ADM 4.1.0 through ADM 4.3.3.ROF1 as well as from ADM 5.0.0 through ADM 5.1.2.RE51. The issues have been fixed on ADM 5.1.2.REO1. Affected Products Details CVE-2026-3100 - Severity: High - CVSS4 Base Score: 8.3 - CVSS4 Vector: - The FTP Backup on the ADM will not properly strictly enforce TLS certificate verification while connecting to an FTP server using FTPES/FTPS. A remote attacker can intercept network traffic to perform a Man-in-the-Middle (MitM) attack. CVE-2026-3179 - Severity: Critical - CVSS4 Base Score: 9.2 - CVSS4 Vector: - The FTP Backup on the ADM does not properly sanitize filenames received from the FTP server when parsing directory listings. A malicious server or MITM attacker can craft filenames containing path traversal sequences, causing the client to write files outside the intended backup directory. Reference CVE-2026-3100 CVE-2026-3179 Acknowledgement Nuke Revision