CVE-2026-9783

Name of the Vulnerable Software and Affected Versions Quest NetVault Backup (affected versions not specified)

Description A flaw in the processing of NVBURemovableMedia JSON-RPC messages allows remote attackers to execute arbitrary code in the context of NETWORK SERVICE. The issue is caused by insufficient validation of a user-supplied string used to construct SQL queries, leading to SQL injection. Although authentication is typically required, the authentication mechanism can be bypassed to exploit this flaw.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.