Snapshot Retention Policy Issue in FlashArray Purity by Pure Storage
CVE-2026-0209

6.9MEDIUM

Key Information:

Vendor: Purestorage
Status: Flasharray
Vendor: CVE Published:; 14 April 2026

🔔 Create Purestorage Vulnerability Alert

What is CVE-2026-0209?

Under specific administrative conditions, Pure Storage's FlashArray Purity may inaccurately apply snapshot retention policies, leading to unintended data retention or deletion scenarios. This could impact data management practices and administrator expectations, highlighting the importance of monitoring configurations to avoid discrepancies.

Affected Version(s)

FlashArray 5.0.0 <= 5.3.21

FlashArray 6.0.0 <= 6.4.10

FlashArray 6.5.0 <= 6.5.12

References

https://support.purestorage.com/bundle/m_security_bulleti...

CVSS V4

Score:

6.9

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 14, 2026
Vulnerability Reserved
Oct 30, 2025

CVE-2026-0209 Data

JSON