Information Disclosure in StorageGRID Products by NetApp
CVE-2026-22051

2.3LOW

Key Information:

Vendor: Netapp
Status: Storagegrid (formerly Storagegrid Webscale)
Vendor: CVE Published:; 20 April 2026

What is CVE-2026-22051?

NetApp's StorageGRID, particularly versions prior to 11.9.0.13 and 12.0.0.6, is impacted by an information disclosure vulnerability. This flaw allows authenticated attackers with low privileges to execute arbitrary metrics queries, which can potentially expose sensitive metric results that should remain inaccessible to them. Organizations using affected versions should prioritize updating their systems to mitigate this risk.

Affected Version(s)

StorageGRID (formerly StorageGRID Webscale) 0 < 11.9.0.13

StorageGRID (formerly StorageGRID Webscale) 0 < 12.0.0.6

References

https://security.netapp.com/advisory/ntap-20260420-0001

vendor-advisory

CVSS V4

Score:

2.3

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

Physical

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 20, 2026
Vulnerability Reserved
Jan 5, 2026

CVE-2026-22051 Data

JSON

Netapp

What is CVE-2026-22051?

Affected Version(s)

References

CVSS V4

Timeline