Skip to main content

Ontap CVE-2026-22050

MEDIUM
Authorization Bypass Through User-Controlled Key (CWE-639)
2026-01-12 security-alert@netapp.com
4.3
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
4.3 MEDIUM
AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
Low
Availability
None

Lifecycle Timeline

2
Analysis Generated
Mar 12, 2026 - 21:54 vuln.today
CVE Published
Jan 12, 2026 - 18:15 nvd
MEDIUM 4.3

DescriptionCVE.org

ONTAP versions 9.16.1 prior to 9.16.1P9 and 9.17.1 prior to 9.17.1P2 with snapshot locking enabled are susceptible to a vulnerability which could allow a privileged remote attacker to set the snapshot expiry time to none.

AnalysisAI

Ontap versions up to 9.16.1 is affected by authorization bypass through user-controlled key (CVSS 4.3).

Technical ContextAI

This vulnerability (CWE-639: Authorization Bypass Through User-Controlled Key) affects Ontap. ONTAP versions 9.16.1 prior to 9.16.1P9 and 9.17.1 prior to 9.17.1P2 with snapshot locking enabled are susceptible to a vulnerability which could allow a privileged remote attacker to set the snapshot expiry time to none.

RemediationAI

Monitor vendor advisories for a patch. Restrict network access to the affected service where possible.

More in Ontap

View all
CVE-2024-6387 HIGH POC
8.1 Jul 01

Remote code execution in OpenSSH's sshd server (regression of CVE-2006-5051) allows unauthenticated remote attackers to

CVE-2025-26465 MEDIUM
6.8 Feb 18

A vulnerability was found in OpenSSH when the VerifyHostKeyDNS option is enabled. Rated medium severity (CVSS 6.8), this

CVE-2023-27536 MEDIUM POC
5.9 Mar 30

An authentication bypass vulnerability exists libcurl <8.0.0 in the connection reuse feature which can reuse previously

CVE-2025-24928 HIGH
7.8 Feb 18

libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a stack-based buffer overflow in xmlSnprintfElements in valid.c. Rat

CVE-2024-56171 HIGH
7.8 Feb 18

libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a use-after-free in xmlSchemaIDCFillNodeTables and xmlSchemaBubbleID

CVE-2025-1861 MEDIUM
6.3 Mar 30

In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when parsi

CVE-2025-1736 MEDIUM
6.3 Mar 30

In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when user-

CVE-2025-1734 MEDIUM
6.3 Mar 30

In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when recei

CVE-2023-27317 MEDIUM
4.6 Dec 15

ONTAP 9 versions 9.12.1P8, 9.13.1P4, and 9.13.1P5 are susceptible to a vulnerability which will cause all SAS-attached F

CVE-2026-22052 MEDIUM
4.3 Mar 05

NetApp ONTAP 9.12.1 and later with S3 NAS buckets allows authenticated attackers to enumerate directory contents they la

CVE-2025-0167 LOW POC
3.4 Feb 05

When asked to use a `.netrc` file for credentials **and** to follow HTTP redirects, curl could leak the password used fo

Share

CVE-2026-22050 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy