Pre-auth Exploit Chains Found in Commvault Releases
🔒 Commvault has released fixes for four vulnerabilities in versions prior to 11.36.60 that could enable unauthenticated attackers to achieve remote code execution. The flaws include an unauthenticated API access bug, a setup-time default credential exposure, a path traversal allowing filesystem access, and command-line argument injection that can elevate low-privilege sessions. Patches are available in 11.32.102 and 11.36.60; Commvault SaaS is not affected.
