PatchSiren cyber security CVE debrief
CVE-2026-22051 NETAPP CVE debrief
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-04-20T22:16:23.367Z and has not been modified since then. This Information Disclosure vulnerability in Netapp Storagegrid versions prior to 11.9.0.13 and 12.0.0.6 allows an authenticated attacker with low privileges to run arbitrary metrics queries, revealing metric results that they do not have access to. Users should review and apply patches as necessary.
- Vendor
- NETAPP
- Product
- StorageGRID (formerly StorageGRID Webscale)
- CVSS
- LOW 2.3
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-04-20
- Original CVE updated
- 2026-07-08
- Advisory published
- 2026-04-20
- Advisory updated
- 2026-07-08
Who should care
Users of Netapp Storagegrid prior to 11.9.0.13 and 12.0.0.6 should review and apply patches. Affected operators, platforms, and security teams should verify installed versions and monitor system logs for potential exploitation.
Technical summary
CVE-2026-22051 is an Information Disclosure vulnerability in Netapp Storagegrid versions prior to 11.9.0.13 and 12.0.0.6. Successful exploit could allow an authenticated attacker with low privileges to run arbitrary metrics queries, revealing metric results that they do not have access to. Defensive impact includes reviewing system logs for suspicious activity and restricting access to metrics queries.
Defensive priority
Low priority due to CVSS score of 2.3 and limited impact.
Recommended defensive actions
- Inventory and verify installed StorageGRID versions
- Apply vendor patches for affected versions
- Monitor system logs for suspicious activity
- Restrict access to metrics queries
- Review compensating controls for exposed systems
- Track exceptions and retest remediated assets
- Check relevant monitoring, detection, and logs for exposed assets
Evidence notes
Evidence from official CVE and NVD sources indicate vulnerability exists in StorageGRID versions prior to 11.9.0.13 and 12.0.0.6. Evidence limits suggest defenders verify installed versions, review system logs, and monitor for suspicious activity. Defensive verification tasks include reviewing official advisories and applying vendor patches.
Official resources
-
CVE-2026-22051 CVE record
CVE.org
-
CVE-2026-22051 NVD detail
NVD
-
Source item URL
nvd_modified
-
Mitigation or vendor reference
[email protected] - Vendor Advisory
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-04-20T22:16:23.367Z and has not been modified since then.