CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2025-26517 – CVE-2025-26517 Privilege Escalation Vulnerability in StorageGRID (formerly StorageGRID Webscale)
https://notcve.org/view.php?id=CVE-2025-26517
19 Sep 2025 — StorageGRID (formerly StorageGRID Webscale) versions prior to 11.8.0.15 and 11.9.0.8 are susceptible to a privilege escalation vulnerability. Successful exploit could allow an unauthorized authenticated attacker to discover Grid node names and IP addresses or modify Storage Grades. • https://security.netapp.com/advisory/NTAP-20250910-0004 • CWE-266: Incorrect Privilege Assignment •
CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0CVE-2025-26516 – CVE-2025-26516 Denial of Service Vulnerability in StorageGRID (formerly StorageGRID Webscale)
https://notcve.org/view.php?id=CVE-2025-26516
19 Sep 2025 — StorageGRID (formerly StorageGRID Webscale) versions prior to 11.8.0.15 and 11.9.0.8 are susceptible to a Denial of Service vulnerability. Successful exploit could allow an unauthenticated attacker to cause a Denial of Service on the Admin node. • https://security.netapp.com/advisory/NTAP-20250910-0003 • CWE-405: Asymmetric Resource Consumption (Amplification) •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2025-26515 – CVE-2025-26515 Server-Side Request Forgery Vulnerability in StorageGRID (formerly StorageGRID Webscale)
https://notcve.org/view.php?id=CVE-2025-26515
19 Sep 2025 — StorageGRID (formerly StorageGRID Webscale) versions prior to 11.8.0.15 and 11.9.0.8 without Single Sign-on enabled are susceptible to a Server-Side Request Forgery (SSRF) vulnerability. Successful exploit could allow an unauthenticated attacker to change the password of any Grid Manager or Tenant Manager non-federated user. • https://security.netapp.com/advisory/NTAP-20250910-0002 • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 6.6EPSS: 0%CPEs: 2EXPL: 0CVE-2025-26514 – CVE-2025-26514 Reflected Cross-Site Scripting Vulnerability in StorageGRID (formerly StorageGRID Webscale)
https://notcve.org/view.php?id=CVE-2025-26514
19 Sep 2025 — StorageGRID (formerly StorageGRID Webscale) versions prior to 11.8.0.15 and 11.9.0.8 are susceptible to a Reflected Cross-Site Scripting vulnerability. Successful exploit could allow an attacker to view or modify configuration settings or add or modify user accounts but requires the attacker to know specific information about the target instance and then trick a privileged user into clicking a specially crafted link. • https://security.netapp.com/advisory/NTAP-20250910-0001 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-21994 – CVE-2024-21994 Denial of Service Vulnerability in StorageGRID (formerly StorageGRID Webscale)
https://notcve.org/view.php?id=CVE-2024-21994
08 Nov 2024 — StorageGRID (formerly StorageGRID Webscale) versions prior to 11.9 are susceptible to a Denial of Service (DoS) vulnerability. Successful exploit by an authenticated attacker could lead to a service crash. • https://security.netapp.com/advisory/ntap-20241108-0001 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 5.4EPSS: 0%CPEs: 2EXPL: 0CVE-2024-21988 – CVE-2024-21988 SSH Cryptographic Implementation Vulnerability in StorageGRID (formerly StorageGRID Webscale)
https://notcve.org/view.php?id=CVE-2024-21988
14 Jun 2024 — StorageGRID (formerly StorageGRID Webscale) versions prior to 11.7.0.9 and 11.8.0.5 are susceptible to disclosure of sensitive information via complex MiTM attacks due to a vulnerability in the SSH cryptographic implementation. Las versiones de StorageGRID (anteriormente StorageGRID Webscale) anteriores a 11.7.0.9 y 11.8.0.5 son susceptibles a la divulgación de información confidencial a través de ataques MiTM complejos debido a una vulnerabilidad en la implementación criptográfica SSH. • https://security.netapp.com/advisory/ntap-20240614-0010 •
CVSS: 6.9EPSS: 0%CPEs: 1EXPL: 0CVE-2024-21984 – Reflected Cross-Site Scripting Vulnerability in StorageGRID (formerly StorageGRID Webscale)
https://notcve.org/view.php?id=CVE-2024-21984
16 Feb 2024 — StorageGRID (formerly StorageGRID Webscale) versions prior to 11.8 are susceptible to a difficult to exploit Reflected Cross-Site Scripting (XSS) vulnerability. Successful exploit requires the attacker to know specific information about the target instance and trick a privileged user into clicking a specially crafted link. This could allow the attacker to view or modify configuration settings or add or modify user accounts. Las versiones de StorageGRID (anteriormente StorageGRID Webscale) anteriores a la 11... • https://security.netapp.com/advisory/ntap-20240216-0013 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-21983 – Denial of Service Vulnerability in StorageGRID (formerly StorageGRID Webscale)
https://notcve.org/view.php?id=CVE-2024-21983
16 Feb 2024 — StorageGRID (formerly StorageGRID Webscale) versions prior to 11.8 are susceptible to a Denial of Service (DoS) vulnerability. Successful exploit by an authenticated attacker could lead to an out of memory condition or node reboot. Las versiones de StorageGRID (anteriormente StorageGRID Webscale) anteriores a la 11.8 son susceptibles a una vulnerabilidad de denegación de servicio (DoS). La explotación exitosa por parte de un atacante autenticado podría provocar una condición de falta de memoria o el reinici... • https://security.netapp.com/advisory/ntap-20240216-0012 • CWE-248: Uncaught Exception •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-27318 – Denial of Service Vulnerability in StorageGRID (formerly StorageGRID Webscale)
https://notcve.org/view.php?id=CVE-2023-27318
05 Feb 2024 — StorageGRID (formerly StorageGRID Webscale) versions 11.6.0 through 11.6.0.13 are susceptible to a Denial of Service (DoS) vulnerability. A successful exploit could lead to a crash of the Local Distribution Router (LDR) service. Las versiones 11.6.0 a 11.6.0.13 de StorageGRID (anteriormente StorageGRID Webscale) son susceptibles a una vulnerabilidad de denegación de servicio (DoS). Un exploit exitoso podría provocar una falla del servicio Local Distribution Router (LDR). • https://security.netapp.com/advisory/NTAP-20240202-0012 • CWE-248: Uncaught Exception •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-38734
https://notcve.org/view.php?id=CVE-2022-38734
02 Mar 2023 — StorageGRID (formerly StorageGRID Webscale) versions prior to 11.6.0.8 are susceptible to a Denial of Service (DoS) vulnerability. A successful exploit could lead to to a crash of the Local Distribution Router (LDR) service. • https://security.netapp.com/advisory/ntap-20230228-0001 • CWE-400: Uncontrolled Resource Consumption •