Tuesday, 31 March, 2026
Critical Pre-Auth Vulnerabilities in Commvault Let Hackers Achieve RCE Without Logging In
By Isha
Security researchers have uncovered four serious pre-authentication exploit chains in Commvault versions earlier than 11.36.60 that enable remote code execution (RCE) without requiring credentials. These flaws include CVE-2025-57788—a login mechanism bypass—and CVE-2025-57789, which exploits default credentials during initial setup to grant admin privileges. Commvault has issued updates to fix these critical issues.
Read full story at The Hacker News