StorageGRID <11.9.0.13,12.0.0.6: Auth Info Disclosure via Metrics Query
CVE-2026-22051 Published on April 20, 2026
StorageGRID (formerly StorageGRID Webscale) versions prior to 11.9.0.13 and 12.0.0.6 are susceptible to a Information Disclosure vulnerability. Successful exploit could allow an authenticated attacker with low privileges to run arbitrary metrics queries, revealing metric results that they do not have access to.
Weakness Type
What is an Information Disclosure Vulnerability?
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
CVE-2026-22051 has been classified to as an Information Disclosure vulnerability or weakness.
Products Associated with CVE-2026-22051
Want to know whenever a new CVE is published for NetApp Storagegrid? stack.watch will email you.
Affected Versions
NETAPP StorageGRID (formerly StorageGRID Webscale):- Before 11.9.0.13 is affected.
- Before 12.0.0.6 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.