Quest

Quest Software, a provider of IT management and security solutions, has a high-severity vulnerability (CVSS 8.8) that can be exploited remotely by authenticated users without user interaction, potentially allowing attackers to compromise confidentiality, integrity, and availability of affected systems. The attack requires valid credentials but is easy to execute over the network with no special conditions needed. Security teams should monitor for any patches from Quest expected by late January 2026 and prioritize access controls for Quest products in the interim.