Skip to main content

Ontap CVE-2026-22052

MEDIUM
Error Message Information Leak (CWE-209)
2026-03-05 security-alert@netapp.com
4.3
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
4.3 MEDIUM
AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
None
Availability
None

Lifecycle Timeline

2
Analysis Generated
Mar 12, 2026 - 22:06 vuln.today
CVE Published
Mar 05, 2026 - 00:15 nvd
MEDIUM 4.3

DescriptionCVE.org

ONTAP versions 9.12.1 and higher with S3 NAS buckets are susceptible to an information disclosure vulnerability. Successful exploit could allow an authenticated attacker to view a listing of the contents in a directory for which they lack permission.

AnalysisAI

NetApp ONTAP 9.12.1 and later with S3 NAS buckets allows authenticated attackers to enumerate directory contents they lack authorization to access, resulting in unauthorized information disclosure. An attacker with valid credentials can exploit this to view sensitive file listings without proper permissions. No patch is currently available for this vulnerability.

Technical ContextAI

Classified as CWE-209 (Error Message Information Leak). Affects Ontap. ONTAP versions 9.12.1 and higher with S3 NAS buckets are susceptible to an information disclosure vulnerability. Successful exploit could allow an authenticated attacker to view a listing of the contents in a directory for which they lack permission.

RemediationAI

Monitor vendor advisories for a patch. Restrict network access to the affected service where possible.

More in Ontap

View all
CVE-2024-6387 HIGH POC
8.1 Jul 01

Remote code execution in OpenSSH's sshd server (regression of CVE-2006-5051) allows unauthenticated remote attackers to

CVE-2025-26465 MEDIUM
6.8 Feb 18

A vulnerability was found in OpenSSH when the VerifyHostKeyDNS option is enabled. Rated medium severity (CVSS 6.8), this

CVE-2023-27536 MEDIUM POC
5.9 Mar 30

An authentication bypass vulnerability exists libcurl <8.0.0 in the connection reuse feature which can reuse previously

CVE-2025-24928 HIGH
7.8 Feb 18

libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a stack-based buffer overflow in xmlSnprintfElements in valid.c. Rat

CVE-2024-56171 HIGH
7.8 Feb 18

libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a use-after-free in xmlSchemaIDCFillNodeTables and xmlSchemaBubbleID

CVE-2025-1861 MEDIUM
6.3 Mar 30

In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when parsi

CVE-2025-1736 MEDIUM
6.3 Mar 30

In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when user-

CVE-2025-1734 MEDIUM
6.3 Mar 30

In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when recei

CVE-2023-27317 MEDIUM
4.6 Dec 15

ONTAP 9 versions 9.12.1P8, 9.13.1P4, and 9.13.1P5 are susceptible to a vulnerability which will cause all SAS-attached F

CVE-2026-22050 MEDIUM
4.3 Jan 12

Ontap versions up to 9.16.1 is affected by authorization bypass through user-controlled key (CVSS 4.3).

CVE-2025-0167 LOW POC
3.4 Feb 05

When asked to use a `.netrc` file for credentials **and** to follow HTTP redirects, curl could leak the password used fo

Share

CVE-2026-22052 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy