CVE-2026-9780

Quest NetVault Backup addclient3 Cross-Site Scripting Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of Quest NetVault Backup. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the addclient3 webpage. The issue results from the lack of proper validation of user-supplied data, which can lead to the injection of an arbitrary script. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-27666.

CVSS v3 8.8 HIGH

8.8^/10

CVSS v3 : HIGH

Vector : AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://support.quest.com/technical-documents/netvault/14.0.2/release-notes#TOPIC-2338529	Release Notes
https://www.zerodayinitiative.com/advisories/ZDI-26-369/	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:quest:netvault_backup:*:*:*:*:*:*:*:*

History

26 Jun 2026, 02:04

Type	Values Removed	Values Added
First Time		Quest Quest netvault Backup
References	~~() https://support.quest.com/technical-documents/netvault/14.0.2/release-notes#TOPIC-2338529 -~~	() https://support.quest.com/technical-documents/netvault/14.0.2/release-notes#TOPIC-2338529 - Release Notes
References	~~() https://www.zerodayinitiative.com/advisories/ZDI-26-369/ -~~	() https://www.zerodayinitiative.com/advisories/ZDI-26-369/ - Vendor Advisory
CPE		cpe:2.3:a:quest:netvault_backup::::::::

25 Jun 2026, 00:17

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-06-25 00:17

Updated : 2026-06-26 02:04

NVD link : CVE-2026-9780

Mitre link : CVE-2026-9780

CVE.ORG link : CVE-2026-9780

JSON object : View

Products Affected

quest

netvault_backup

CWE

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

{"id": "CVE-2026-9780", "cveTags": [], "metrics": {"ssvcV203": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "ssvcData": {"id": "CVE-2026-9780", "role": "CISA Coordinator", "options": [{"exploitation": "none"}, {"automatable": "no"}, {"technicalImpact": "total"}], "version": "2.0.3", "timestamp": "2026-06-25T12:47:12.693151Z"}}], "cvssMetricV30": [{"type": "Secondary", "source": "zdi-disclosures@trendmicro.com", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "affected": [{"source": "zdi-disclosures@trendmicro.com", "affectedData": [{"vendor": "Quest", "product": "NetVault Backup", "versions": [{"status": "affected", "version": "14.0.1.7"}], "defaultStatus": "unknown"}]}], "published": "2026-06-25T00:17:48.187", "references": [{"url": "https://support.quest.com/technical-documents/netvault/14.0.2/release-notes#TOPIC-2338529", "tags": ["Release Notes"], "source": "zdi-disclosures@trendmicro.com"}, {"url": "https://www.zerodayinitiative.com/advisories/ZDI-26-369/", "tags": ["Vendor Advisory"], "source": "zdi-disclosures@trendmicro.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "zdi-disclosures@trendmicro.com", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "Quest NetVault Backup addclient3 Cross-Site Scripting Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of Quest NetVault Backup. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the addclient3 webpage. The issue results from the lack of proper validation of user-supplied data, which can lead to the injection of an arbitrary script. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-27666."}], "lastModified": "2026-06-26T02:04:10.620", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:quest:netvault_backup:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B90F1C8A-90F9-4621-8C79-D7BF2F0434DB", "versionEndExcluding": "14.0.2"}], "operator": "OR"}]}], "sourceIdentifier": "zdi-disclosures@trendmicro.com"}