Quest

Quest Software has a high-severity vulnerability (CVSS 8.8) that can be exploited remotely by an authenticated attacker with no user interaction required, resulting in complete compromise of confidentiality, integrity, and availability. The vulnerability affects Quest's enterprise software products, which are widely used for identity and access management, backup, and IT operations. Security teams should prioritize patching once the vendor releases a fix by the January 22, 2026 deadline, and monitor for any exploitation attempts targeting Quest customers in their environments.