CVE-2026-9787

Name of the Vulnerable Software and Affected Versions Quest NetVault Backup (affected versions not specified)

Description A command injection flaw exists in the processing of NVBULogDaemon JSON-RPC messages. The issue occurs because a user-supplied string is not properly validated before being used in a system call, allowing remote attackers to execute arbitrary code in the context of SYSTEM. Although authentication is typically required, the authentication mechanism can be bypassed.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.