Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from Vendor (netapp) · only source for this CVE.
CVSS VectorVendor: netapp
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
2DescriptionCVE.org
Active IQ OneCollect version 2.7.3 contains hard-coded credentials that could allow an authenticated attacker with low privileges to perform unauthorized AutoSupport operations.
AnalysisAI
Hard-coded credentials embedded in NetApp Active IQ OneCollect 2.7.3 allow any low-privileged authenticated user to perform unauthorized AutoSupport operations beyond their intended authorization scope. The CVSS 4.0 vector (AV:N/AC:L/AT:N/PR:L/UI:N) confirms network-accessible exploitation with low complexity, requiring only a low-privilege account with no special attack conditions. No public exploit has been identified and the vulnerability does not appear in the CISA KEV catalog at time of analysis.
Technical ContextAI
Active IQ OneCollect is a NetApp data collection agent used to gather and transmit AutoSupport telemetry and diagnostics to NetApp. The vulnerability class corresponds to CWE-798 (Use of Hard-coded Credentials), though the source data lists CWE as N/A - this discrepancy is noted. The CPE string cpe:2.3:a:netapp:active_iq_onecollect:*:*:*:*:*:*:*:* uses a wildcard version field, which may indicate a broader affected range than the single version cited. The CVSS 4.0 vector encodes no direct impact to the vulnerable system itself (VC:N/VI:N/VA:N) but records low confidentiality impact to subsequent systems (SC:L), consistent with AutoSupport operations that may expose configuration data, system topology, or telemetry to unintended recipients or trigger unapproved data submissions.
RemediationAI
Consult the NetApp Security Advisory at https://security.netapp.com/advisory/ntap-20260603-0002 for the official patch - an exact fixed version number is not independently confirmed from the available input data beyond what NetApp has published, so the advisory is the authoritative source for upgrade instructions. As an interim compensating control, restrict network-level access to the Active IQ OneCollect service to trusted administrative accounts only, preventing low-privileged users from reaching the application interface over the network; note that this reduces but does not eliminate risk if low-privileged users require legitimate access. Additionally, audit AutoSupport submission logs for any anomalous or unauthorized activity that may have occurred prior to patching. Disabling AutoSupport entirely eliminates the attack surface but carries the side effect of removing telemetry that NetApp support relies on for proactive case management.
Same weakness CWE-259 – Use of Hard-coded Password
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-34184
GHSA-72wm-f78p-qmh9