CVSS: 2.3 • EPSS: 0% • CPEs: 2 • EXPL: 0 • CVE-2026-22051
https://notcve.org/view.php?id=CVE-2026-22051
20 Apr 2026 — StorageGRID (formerly StorageGRID Webscale) versions prior to 11.9.0.13 and 12.0.0.6 are susceptible to an Information Disclosure vulnerability. Successful exploit could allow an authenticated attacker with low privileges to run arbitrary metrics queries, revealing metric results that they do not have access to. • https://security.netapp.com/advisory/ntap-20260420-0001 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.3 • EPSS: 0% • CPEs: 1 • EXPL: 0 • CVE-2026-22052
https://notcve.org/view.php?id=CVE-2026-22052
04 Mar 2026 — ONTAP versions 9.12.1 and higher with S3 NAS buckets are susceptible to an information disclosure vulnerability. Successful exploit could allow an authenticated attacker to view a listing of the contents in a directory for which they lack permission. • https://security.netapp.com/advisory/NTAP-20260304-0001 • CWE-209: Generation of Error Message Containing Sensitive Information •
CVSS: 7.5 • EPSS: 0% • CPEs: 2 • EXPL: 0 • CVE-2026-22048
https://notcve.org/view.php?id=CVE-2026-22048
17 Feb 2026 — StorageGRID (formerly StorageGRID Webscale) versions prior to 11.9.0.12 and 12.0.0.4 with Single Sign-on enabled and configured to use Microsoft Entra ID (formerly Azure AD) as an IdP are susceptible to a Server-Side Request Forgery (SSRF) vulnerability. Successful exploit could allow an authenticated attacker with low privileges to delete configuration data or deny access to some resources. • https://security.netapp.com/advisory/NTAP-20260217-0001 • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 5.5 • EPSS: 0% • CPEs: 2 • EXPL: 0 • CVE-2025-26517 – Privilege Escalation Vulnerability in StorageGRID (formerly StorageGRID Webscale)
https://notcve.org/view.php?id=CVE-2025-26517
19 Sep 2025 — StorageGRID (formerly StorageGRID Webscale) versions prior to 11.8.0.15 and 11.9.0.8 are susceptible to a privilege escalation vulnerability. Successful exploit could allow an unauthorized authenticated attacker to discover Grid node names and IP addresses or modify Storage Grades. • https://security.netapp.com/advisory/NTAP-20250910-0004 • CWE-266: Incorrect Privilege Assignment •
CVSS: 5.3 • EPSS: 0% • CPEs: 2 • EXPL: 0 • CVE-2025-26516 – Denial of Service Vulnerability in StorageGRID (formerly StorageGRID Webscale)
https://notcve.org/view.php?id=CVE-2025-26516
19 Sep 2025 — StorageGRID (formerly StorageGRID Webscale) versions prior to 11.8.0.15 and 11.9.0.8 are susceptible to a Denial of Service vulnerability. Successful exploit could allow an unauthenticated attacker to cause a Denial of Service on the Admin node. • https://security.netapp.com/advisory/NTAP-20250910-0003 • CWE-405: Asymmetric Resource Consumption (Amplification) •
CVSS: 7.8 • EPSS: 0% • CPEs: 2 • EXPL: 0 • CVE-2025-26515 – Server-Side Request Forgery Vulnerability in StorageGRID (formerly StorageGRID Webscale)
https://notcve.org/view.php?id=CVE-2025-26515
19 Sep 2025 — StorageGRID (formerly StorageGRID Webscale) versions prior to 11.8.0.15 and 11.9.0.8 without Single Sign-on enabled are susceptible to a Server-Side Request Forgery (SSRF) vulnerability. Successful exploit could allow an unauthenticated attacker to change the password of any Grid Manager or Tenant Manager non-federated user. • https://security.netapp.com/advisory/NTAP-20250910-0002 • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 6.6 • EPSS: 0% • CPEs: 2 • EXPL: 0 • CVE-2025-26514 – Reflected Cross-Site Scripting Vulnerability in StorageGRID (formerly StorageGRID Webscale)
https://notcve.org/view.php?id=CVE-2025-26514
19 Sep 2025 — StorageGRID (formerly StorageGRID Webscale) versions prior to 11.8.0.15 and 11.9.0.8 are susceptible to a Reflected Cross-Site Scripting vulnerability. Successful exploit could allow an attacker to view or modify configuration settings or add or modify user accounts but requires the attacker to know specific information about the target instance and then trick a privileged user into clicking a specially crafted link. • https://security.netapp.com/advisory/NTAP-20250910-0001 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.0 • EPSS: 0% • CPEs: 1 • EXPL: 0 • CVE-2025-26513
https://notcve.org/view.php?id=CVE-2025-26513
07 Aug 2025 — The installer for SAN Host Utilities for Windows versions prior to 8.0 is susceptible to a vulnerability which, when successfully exploited, could allow a local user to escalate their privileges. • https://security.netapp.com/advisory/NTAP-20250806-0001 • CWE-269: Improper Privilege Management •
CVSS: 9.9 • EPSS: 0% • CPEs: 1 • EXPL: 0 • CVE-2025-26512 – Privilege Escalation Vulnerability in SnapCenter
https://notcve.org/view.php?id=CVE-2025-26512
24 Mar 2025 — SnapCenter versions prior to 6.0.1P1 and 6.1P1 are susceptible to a vulnerability which may allow an authenticated SnapCenter Server user to become an admin user on a remote system where a SnapCenter plug-in has been installed. • https://security.netapp.com/advisory/NTAP-20250324-0001 • CWE-266: Incorrect Privilege Assignment •
CVSS: 7.1 • EPSS: 61% • CPEs: 31 • EXPL: 2 • CVE-2025-26465 – OpenSSH: machine-in-the-middle attack if VerifyHostKeyDNS is enabled
https://notcve.org/view.php?id=CVE-2025-26465
18 Feb 2025 — A vulnerability was found in OpenSSH when the VerifyHostKeyDNS option is enabled. A machine-in-the-middle attack can be performed by a malicious machine impersonating a legit server. This issue occurs due to how OpenSSH mishandles error codes in specific conditions when verifying the host key. For an attack to be considered successful, the attacker needs to manage to exhaust the client's memory resource first, turning the attack complexity high. ssh(1) contains a logic error that allows an on-path attacker ... • https://github.com/rxerium/CVE-2025-26465 • CWE-390: Detection of Error Condition Without Action •
