HomeIntelligenceBrief
VULNERABILITY BRIEF🟠 High Vulnerability

Critical SQL Injection RCE in Quest NetVault Backup (CVE‑2026‑9782) Threatens Backup Infrastructure

Quest NetVault Backup contains a high‑severity SQL injection that lets attackers bypass authentication and execute code as NETWORK SERVICE. The flaw impacts SOC 2 logical‑access and system‑operations controls, making timely remediation essential for audit readiness.

LiveThreat™ Intelligence · 📅 June 25, 2026· 📰 zerodayinitiative.com
🟠
Severity
High
VU
Type
Vulnerability
🎯
Confidence
High
🏢
Affected
1 sector(s)
Actions
3 recommended
📰
Source
zerodayinitiative.com

Critical SQL Injection RCE in Quest NetVault Backup (CVE‑2026‑9782) Threatens Backup Infrastructure

What It Is — A remote‑code‑execution flaw in Quest NetVault Backup’s NVBUDeviceDrive JSON‑RPC handling allows an attacker to bypass authentication, inject malicious SQL, and execute code as the NETWORK SERVICE account.

Exploitability — No public exploit code is known, but the vulnerability is rated CVSS 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). The authentication bypass makes exploitation feasible for a determined adversary.

Affected Products – Quest NetVault Backup (all versions prior to the 14.0.2 update).

Why It Matters for Compliance & Audit Readiness

  • Control Mapping: The flaw maps directly to SOC 2 CC6.1 (Logical Access) and CC6.2 (System Operations) – gaps must be documented and remediated to maintain a defensible audit trail.
  • Continuous Evidence: Demonstrating timely patching and validation of input‑validation controls provides concrete evidence for auditors and enterprise buyers demanding SOC 2 compliance.
  • Due‑Diligence: Enterprises that rely on third‑party backup services must verify that vendors have robust secure‑coding practices and continuous monitoring in place.

Recommended Actions

  • Apply Quest’s 14.0.2 security update immediately.
  • Verify that input validation for all JSON‑RPC endpoints is enforced; conduct a code‑review focused on SQL query construction.
  • Map the vulnerability to SOC 2 CC6.1/CC6.2 controls in your compliance framework and capture patch‑deployment evidence for audit readiness.
  • Enable continuous monitoring of backup service logs for anomalous “NETWORK SERVICE” activity.

Source: Zero Day Initiative Advisory – ZDI‑26‑371

📰 Original Source
http://www.zerodayinitiative.com/advisories/ZDI-26-371/

This LiveThreat Intelligence Brief is an independent analysis. Read the original reporting at the link above.

From the Verisq platform · Trust Operations

Misconfigurations are control gaps in disguise.

Verisq AI Trust Operations turns findings like this into mapped controls with continuous evidence, keeping your audit readiness current instead of point-in-time.

Map your controls with Verisq AI Trust Operations →