HomeIntelligenceBrief
VULNERABILITY BRIEF🔴 Critical Vulnerability

Critical SQL Injection (CVE‑2026‑9783) Enables Remote Code Execution in Quest NetVault Backup

A newly disclosed SQL injection vulnerability (CVE‑2026‑9783) in Quest’s NetVault Backup allows remote attackers to bypass authentication and execute arbitrary code as NETWORK SERVICE. The flaw affects all NetVault installations that process NVBURemovableMedia JSON‑RPC messages. For SOC 2‑bound organizations, it highlights gaps in input‑validation controls and the need for continuous evidence of remediation.

LiveThreat™ Intelligence · 📅 June 25, 2026· 📰 zerodayinitiative.com
🔴
Severity
Critical
VU
Type
Vulnerability
🎯
Confidence
High
🏢
Affected
2 sector(s)
Actions
3 recommended
📰
Source
zerodayinitiative.com

Critical SQL Injection (CVE‑2026‑9783) Enables Remote Code Execution in Quest NetVault Backup

What It Is — A SQL‑injection flaw in the NVBURemovableMedia JSON‑RPC handler of Quest NetVault Backup allows an attacker to bypass authentication and run arbitrary code as the NETWORK SERVICE account.

Exploitability — CVSS 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). Authentication is required but can be bypassed; proof‑of‑concept code has been released by the researcher.

Affected Products — Quest NetVault Backup (all versions processing NVBURemovableMedia messages).

Why It Matters for Compliance & Audit Readiness

  • SOC 2 CC6.1 (System Operations) mandates documented input‑validation controls; this vulnerability shows the risk when such controls are missing.
  • Continuous control monitoring must capture patch‑management evidence to prove timely remediation to auditors.
  • A defensible audit trail of remediation actions (patch deployment, validation testing) is now a prerequisite for enterprise buyers demanding SOC 2 compliance.

Recommended Actions

  • Deploy Quest’s security update immediately on every NetVault Backup instance.
  • Verify that input‑validation controls for all JSON‑RPC interfaces are documented and enforced.
  • Integrate automated scanning of NetVault versions into your continuous compliance platform to retain audit‑ready evidence of patch status.

Source: Zero Day Initiative Advisory – ZDI‑26‑372

📰 Original Source
http://www.zerodayinitiative.com/advisories/ZDI-26-372/

This LiveThreat Intelligence Brief is an independent analysis. Read the original reporting at the link above.

From the Verisq platform · Trust Operations

Every gap like this maps to a control you can evidence.

The Verisq AI Trust Operations platform maps incidents to your control framework and collects the evidence continuously — so your Trust Center shows proof, not promises, when a buyer or auditor asks.

Explore the Verisq AI Trust Operations platform →