NetApp Security Advisory on Resolved Vulnerability in StorageGRID

CVE-2026-22048 server-side request forgery vulnerability in StorageGRID (formerly StorageGRID Webscale)

NetApp, Inc. has published a security advisory concerning a resolved vulnerability in StorageGRID (formerly StorageGRID Webscale).

Advisory ID: NTAP-20260217-0001
Version: 1.0
Last updated: 02/17/2026
Status: Final

Affected Products
StorageGRID (formerly StorageGRID Webscale)

Summary
StorageGRID (formerly StorageGRID Webscale) versions prior to 11.9.0.12 and 12.0.0.4 with Single Sign-on enabled and configured to use Microsoft Entra ID (formerly Azure AD) as an IdP are susceptible to a Server-Side Request Forgery (SSRF) vulnerability. A successful exploit could allow an authenticated attacker with low privileges to delete configuration data or deny access to some resources.

Impact
Successful exploitation of this vulnerability could lead to addition or modification of data or Denial of Service (DoS).

Vulnerability Scoring Details

| CVE | CVSS Score | Vector |
| --- | --- | --- |
| CVE-2026-22048 | HIGH (7.1) | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H |

Exploitation and Public Announcements
NetApp is aware of public discussion of this vulnerability.

Software Versions and Fixes
NetApp’s currently available patches are listed below.

StorageGRID (formerly StorageGRID Webscale). First Fixed in Release:

Workarounds: Disable Single Sign-on

Obtaining Software Fixes
Software fixes will be made available through the NetApp Support website in the Software Download section.

Customers who do not have access to the Support website should contact Technical Support at the number below to obtain the patches.

Contact Information
Check http://mysupport.netapp.com for further updates. For questions, contact NetApp at:

Technical Support
mysupport.netapp.com
1 888 4 NETAPP (1 888 463 8277) (U.S. and Canada)
+00 800 44 638277 (EMEA/Europe)
+800 800 80 800 (Asia/Pacific)

Status of This Notice: Final
This advisory should be considered the single source of current, up-to-date, authorized and accurate information from NetApp regarding Full Support products and versions.

This advisory is posted at the following link: https://security.netapp.com/advisory/NTAP-20260217-0001

Revision History

| Revision # | Date | Comments |
| --- | --- | --- |
| 1.0 | 20260217 | Initial Public Release, Final status |

References
NetApp will continue to update this advisory as additional information becomes available.

This document is provided solely for informational purposes. All information is based upon NetApp’s current knowledge and understanding of the hardware and software products tested by NetApp, and the methodology and assumptions used by NetApp. NetApp is not responsible for any errors or omissions that may be contained herein, and no warranty, representation, or other legal commitment or obligation is being provided by NetApp. © 2026 NetApp, Inc. All rights reserved. No portions of this document may be reproduced without prior written consent of NetApp, Inc.
