PT-2026-33854 · Netapp · Storagegrid

Published

2026-04-20

Updated

2026-04-21

CVE-2026-22051

CVSS v4.0

2.3

Low

Vector

AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Name of the Vulnerable Software and Affected Versions StorageGRID versions prior to 11.9.0.13 StorageGRID versions prior to 12.0.0.6

Description An information disclosure issue allows an authenticated attacker with low privileges to execute arbitrary metrics queries. This can result in the exposure of metric results that the attacker is not authorized to access.

Recommendations Update to version 11.9.0.13 or later. Update to version 12.0.0.6 or later.

Fix

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

CVE-2026-22051

Affected Products

Storagegrid

PT-2026-33854 · Netapp · Storagegrid

CVE-2026-22051

Weakness Enumeration

Related Identifiers

Affected Products

References · 3