HomeIntelligenceBrief
VULNERABILITY BRIEF🟠 High Vulnerability

Critical RCE via SQL Injection (CVE‑2026‑9781) in Quest NetVault Backup

Quest NetVault Backup’s NVBURASDevice component suffers a high‑severity SQL‑injection flaw (CVE‑2026‑9781) that can bypass authentication and execute code as NETWORK SERVICE. The issue highlights the need for robust vulnerability‑management and SOC 2 control mapping to maintain audit readiness.

LiveThreat™ Intelligence · 📅 June 25, 2026· 📰 zerodayinitiative.com
🟠
Severity
High
VU
Type
Vulnerability
🎯
Confidence
High
🏢
Affected
1 sector(s)
Actions
4 recommended
📰
Source
zerodayinitiative.com

Critical RCE via SQL Injection (CVE‑2026‑9781) in Quest NetVault Backup

What It Is — Quest NetVault Backup’s NVBURASDevice component contains an SQL‑injection flaw that lets remote attackers execute arbitrary code. The vulnerability stems from insufficient validation of JSON‑RPC input that is concatenated into SQL statements.

Exploitability — CVSS 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). An exploit requires valid credentials, but the authentication check can be bypassed, making remote code execution feasible in the context of the NETWORK SERVICE account. No public PoC has been released, but the vendor has confirmed the issue and issued a patch.

Affected Products — Quest NetVault Backup (all versions prior to the 14.0.2 update).

Why It Matters for Compliance & Audit Readiness

  • SOC 2 control CC6.1 (System Operations) requires that software components be protected against known vulnerabilities; a missing patch represents a control gap.
  • Continuous evidence of remediation (patch deployment, configuration validation) is essential for audit trails and for demonstrating due diligence to enterprise customers.

Recommended Actions

  • Apply Quest’s 14.0.2 update immediately and verify the patch via checksum.
  • Map the vulnerability to SOC 2 CC6.1 and capture patch‑deployment logs as immutable evidence.
  • Conduct a focused code‑review of any custom JSON‑RPC handling to ensure proper input sanitization.
  • Update your vulnerability‑management workflow to flag any future “authentication‑bypass” findings for rapid escalation.

Source: Zero Day Initiative advisory

📰 Original Source
http://www.zerodayinitiative.com/advisories/ZDI-26-370/

This LiveThreat Intelligence Brief is an independent analysis. Read the original reporting at the link above.

From the Verisq platform · Trust Operations

Every gap like this maps to a control you can evidence.

The Verisq AI Trust Operations platform maps incidents to your control framework and collects the evidence continuously — so your Trust Center shows proof, not promises, when a buyer or auditor asks.

Explore the Verisq AI Trust Operations platform →