CVE-2025-26517Incorrect Privilege Assignment in Storagegrid

CWE-266Incorrect Privilege Assignment3 documents3 sources
Severity
5.4MEDIUMNVD
EPSS
0.0%
top 88.60%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Netapp Storagegrid
Timeline
PublishedSep 19

Description

StorageGRID (formerly StorageGRID Webscale) versions prior to 11.8.0.15 and 11.9.0.8 are susceptible to a privilege escalation vulnerability. Successful exploit could allow an unauthorized authenticated attacker to discover Grid node names and IP addresses or modify Storage Grades.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.5

Affected Packages2 packages

CVEListV5netapp/storagegrid< 11.8.0.15+1
NVDnetapp/storagegrid11.9.011.9.0.8+1

🔴Vulnerability Details

2
GHSA
GHSA-7hjq-wmfx-v2h8: StorageGRID (formerly StorageGRID Webscale) versions prior to 112025-09-19
CVEList
CVE-2025-26517 Privilege Escalation Vulnerability in StorageGRID (formerly StorageGRID Webscale)2025-09-19
CVE-2025-26517 — Incorrect Privilege Assignment | cvebase