CVE-2026-22050
MEDIUMNetApp ONTAP 9.16.1-9.16.1P8 & 9.17.1-9.17.1P1 - Auth Bypass via Snapshot Expiry Manipulation
Title source: llmDescription
ONTAP versions 9.16.1 prior to 9.16.1P9 and 9.17.1 prior to 9.17.1P2 with snapshot locking enabled are susceptible to a vulnerability which could allow a privileged remote attacker to set the snapshot expiry time to none.
References (1)
Core 1
Core References
Vendor Advisory
https://security.netapp.com/advisory/NTAP-20260112-0001
Scores
CVSS v3
4.3
EPSS
0.0019
EPSS Percentile
8.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-639
Status
published
Products (2)
netapp/ontap
9.16.1 (9 CPE variants)
netapp/ontap
9.17.1 (2 CPE variants)
Published
Jan 12, 2026
Tracked Since
Feb 18, 2026