CVE-2026-22051
LOWNetapp StorageGRID (formerly StorageGRID Webscale) < 11.9.0.13 - Information Disclosure
Title source: ruleDescription
StorageGRID (formerly StorageGRID Webscale) versions prior to 11.9.0.13 and 12.0.0.6 are susceptible to a Information Disclosure vulnerability. Successful exploit could allow an authenticated attacker with low privileges to run arbitrary metrics queries, revealing metric results that they do not have access to.
References (1)
Core 1
Core References
Vendor Advisory vendor-advisory
https://security.netapp.com/advisory/ntap-20260420-0001
Scores
CVSS v4
2.3
EPSS
0.0025
EPSS Percentile
15.7%
CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-200
Status
published
Products (2)
NETAPP/StorageGRID (formerly StorageGRID Webscale)
< 11.9.0.13
NETAPP/StorageGRID (formerly StorageGRID Webscale)
< 12.0.0.6
Published
Apr 20, 2026
Tracked Since
Apr 21, 2026