PT-2026-20299 · Microsoft+1 · Entra Id+2

Michele Damico · Published 2026-02-17 · Updated 2026-02-23 · CVE-2026-22048

CVSS v3.1: 7.1 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H

Name of the Vulnerable Software and Affected Versions
StorageGRID versions prior to 11.9.0.12
StorageGRID versions prior to 12.0.0.4

Description
StorageGRID, formerly known as StorageGRID Webscale, is affected by a Server-Side Request Forgery (SSRF) issue when Single Sign-on (SSO) is enabled and configured to use Microsoft Entra ID (formerly Azure AD) as an Identity Provider (IdP). A successful exploit allows an authenticated attacker with low privileges to delete configuration data or deny access to resources.

Recommendations
Update StorageGRID to version 11.9.0.12 or later.
Update StorageGRID to version 12.0.0.4 or later.

Fix

SSRF

Weakness Enumeration

Related Identifiers
CVE-2026-22048

Affected Products
Azure AD
Entra ID
StorageGRID