Ontap
CVE-2026-22052
MEDIUM
Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Lifecycle Timeline
2DescriptionCVE.org
ONTAP versions 9.12.1 and higher with S3 NAS buckets are susceptible to an information disclosure vulnerability. Successful exploit could allow an authenticated attacker to view a listing of the contents in a directory for which they lack permission.
AnalysisAI
NetApp ONTAP 9.12.1 and later with S3 NAS buckets allows authenticated attackers to enumerate directory contents they lack authorization to access, resulting in unauthorized information disclosure. An attacker with valid credentials can exploit this to view sensitive file listings without proper permissions. No patch is currently available for this vulnerability.
Technical ContextAI
Classified as CWE-209 (Error Message Information Leak). Affects Ontap. ONTAP versions 9.12.1 and higher with S3 NAS buckets are susceptible to an information disclosure vulnerability. Successful exploit could allow an authenticated attacker to view a listing of the contents in a directory for which they lack permission.
RemediationAI
Monitor vendor advisories for a patch. Restrict network access to the affected service where possible.
Remote code execution in OpenSSH's sshd server (regression of CVE-2006-5051) allows unauthenticated remote attackers to
A vulnerability was found in OpenSSH when the VerifyHostKeyDNS option is enabled. Rated medium severity (CVSS 6.8), this
An authentication bypass vulnerability exists libcurl <8.0.0 in the connection reuse feature which can reuse previously
libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a stack-based buffer overflow in xmlSnprintfElements in valid.c. Rat
libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a use-after-free in xmlSchemaIDCFillNodeTables and xmlSchemaBubbleID
In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when parsi
In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when user-
In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when recei
ONTAP 9 versions 9.12.1P8, 9.13.1P4, and 9.13.1P5 are susceptible to a vulnerability which will cause all SAS-attached F
Ontap versions up to 9.16.1 is affected by authorization bypass through user-controlled key (CVSS 4.3).
When asked to use a `.netrc` file for credentials **and** to follow HTTP redirects, curl could leak the password used fo
Same weakness CWE-209 – Error Message Information Leak
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today