StorageGRID <11.9.0.13,12.0.0.6: Auth Info Disclosure via Metrics Query
CVE-2026-22051 Published on April 20, 2026
StorageGRID (formerly StorageGRID Webscale) versions prior to 11.9.0.13 and 12.0.0.6 are susceptible to a Information Disclosure vulnerability. Successful exploit could allow an authenticated attacker with low privileges to run arbitrary metrics queries, revealing metric results that they do not have access to.
Products Associated with CVE-2026-22051
Want to know whenever a new CVE is published for NetApp Storagegrid? stack.watch will email you.
Affected Versions
NETAPP StorageGRID (formerly StorageGRID Webscale):- Before 11.9.0.13 is affected.
- Before 12.0.0.6 is affected.