CVE Catalog

CVE-2026-7569

HighCVSS 8.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.67%

47th percentile — higher than 47% of all known CVEs

Summary

A vulnerability in Quest NetVault Backup allows an attacker to bypass authentication via cross-site scripting (XSS) in the viewclient component. User interaction is required, as the target must visit a malicious page or open a malicious file.

Risk Assessment

An attacker can leverage this vulnerability in conjunction with other flaws to execute arbitrary code in the context of SYSTEM, leading to full system compromise.

Recommendation

Immediately update Quest NetVault Backup to the latest patched version and restrict access to the administrative interface to trusted networks only.

Original NVD description (English source)

Quest NetVault Backup viewclient Cross-Site Scripting Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of Quest NetVault Backup. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the viewclient webpage. The issue results from the lack of proper validation of user-supplied data, which can lead to the injection of an arbitrary script. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-28202.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS