Primary

Context

N2WS Backup & Recovery Remote Code Execution Vulnerability via RESTful API

Vulnerability

A remote code execution vulnerability has been identified in N2WS Backup & Recovery versions prior to 4.4.0. This vulnerability arises from a two-step exploit targeting the RESTful API, allowing for unauthorized execution of code on the server.

Impact

Exploitation of this vulnerability allows for remote code execution on the server where N2WS Backup & Recovery is running.

Remediation

Users are advised to upgrade to N2WS Backup & Recovery version 4.4.0 or later. For those on version 4.3.1, an upgrade to 4.3.2 is recommended. After upgrading, review API and user activity logs for any unexpected behavior.

Added: Mar 25, 2026, 3:25 PM

Updated: Mar 25, 2026, 3:25 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

10.0

exploitability

7.4

remediation

0.0

relevance

4.7

threat

0.0

urgency

2.9

incentive

4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

10.0

exploitability

7.4

remediation

0.0

relevance

4.7

threat

0.0

urgency

2.9

incentive

4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

N2WS Backup & Recovery Remote Code Execution Vulnerability via RESTful API

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating