A proof-of-concept (PoC) exploit has been published for a now-patched critical zero-day vulnerability in ASUSTOR ADM’s PPTP VPN Client, tracked as CVE-2026-6644. Rated Critical with a CVSS v4.0 Base Score of 9.4, the flaw allows an authenticated administrator to execute arbitrary commands with root privileges on affected NAS devices. CVE-2026-6644 refers to an OS command injection vulnerability residing in /portal/apis/settings/vpn.cgi, […] The post PoC Released for Critical ASUSTOR ADM Root RCE Vulnerability appeared first on Cyber Security News.