CVE-2026-9782

Name of the Vulnerable Software and Affected Versions Quest NetVault Backup (affected versions not specified)

Description A flaw in the processing of NVBUDeviceDrive JSON-RPC messages allows remote attackers to execute arbitrary code in the context of NETWORK SERVICE. The issue stems from improper validation of a user-supplied string used to construct SQL queries. Although authentication is typically required, the authentication mechanism can be bypassed to exploit this issue.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.