Skip to main content

Active IQ OneCollect CVE-2026-22055

| EUVDEUVD-2026-34184 MEDIUM
Use of Hard-coded Password (CWE-259)
2026-06-03 netapp GHSA-72wm-f78p-qmh9
5.3
CVSS 4.0 · Vendor: netapp
Share

Severity by source

Vendor (netapp) PRIMARY
5.3 MEDIUM
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from Vendor (netapp) · only source for this CVE.

CVSS VectorVendor: netapp

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

2
Analysis Generated
Jun 03, 2026 - 22:36 vuln.today
CVSS changed
Jun 03, 2026 - 22:22 NVD
5.3 (MEDIUM)

DescriptionCVE.org

Active IQ OneCollect version 2.7.3 contains hard-coded credentials that could allow an authenticated attacker with low privileges to perform unauthorized AutoSupport operations.

AnalysisAI

Hard-coded credentials embedded in NetApp Active IQ OneCollect 2.7.3 allow any low-privileged authenticated user to perform unauthorized AutoSupport operations beyond their intended authorization scope. The CVSS 4.0 vector (AV:N/AC:L/AT:N/PR:L/UI:N) confirms network-accessible exploitation with low complexity, requiring only a low-privilege account with no special attack conditions. No public exploit has been identified and the vulnerability does not appear in the CISA KEV catalog at time of analysis.

Technical ContextAI

Active IQ OneCollect is a NetApp data collection agent used to gather and transmit AutoSupport telemetry and diagnostics to NetApp. The vulnerability class corresponds to CWE-798 (Use of Hard-coded Credentials), though the source data lists CWE as N/A - this discrepancy is noted. The CPE string cpe:2.3:a:netapp:active_iq_onecollect:*:*:*:*:*:*:*:* uses a wildcard version field, which may indicate a broader affected range than the single version cited. The CVSS 4.0 vector encodes no direct impact to the vulnerable system itself (VC:N/VI:N/VA:N) but records low confidentiality impact to subsequent systems (SC:L), consistent with AutoSupport operations that may expose configuration data, system topology, or telemetry to unintended recipients or trigger unapproved data submissions.

RemediationAI

Consult the NetApp Security Advisory at https://security.netapp.com/advisory/ntap-20260603-0002 for the official patch - an exact fixed version number is not independently confirmed from the available input data beyond what NetApp has published, so the advisory is the authoritative source for upgrade instructions. As an interim compensating control, restrict network-level access to the Active IQ OneCollect service to trusted administrative accounts only, preventing low-privileged users from reaching the application interface over the network; note that this reduces but does not eliminate risk if low-privileged users require legitimate access. Additionally, audit AutoSupport submission logs for any anomalous or unauthorized activity that may have occurred prior to patching. Disabling AutoSupport entirely eliminates the attack surface but carries the side effect of removing telemetry that NetApp support relies on for proactive case management.

Share

CVE-2026-22055 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy