CVE Catalog

CVE-2026-9780

HighCVSS 8.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.67%

47th percentile — higher than 47% of all known CVEs

Summary

A vulnerability in Quest NetVault Backup's addclient3 component allows an attacker to bypass authentication via script injection. User interaction is required, as the target must visit a malicious page or open a malicious file.

Risk Assessment

An attacker can leverage this vulnerability with other flaws to execute arbitrary code in the SYSTEM context, leading to full compromise of the backup server.

Recommendation

Immediately update Quest NetVault Backup to the latest version available from the vendor and restrict access to the management interface to trusted networks only.

Original NVD description (English source)

Quest NetVault Backup addclient3 Cross-Site Scripting Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of Quest NetVault Backup. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the addclient3 webpage. The issue results from the lack of proper validation of user-supplied data, which can lead to the injection of an arbitrary script. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-27666.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS