Skip to main content

Storagegrid Formerly Storagegrid Webscale

1 CVEs product

Monthly

CVE-2026-22051 LOW PATCH Monitor

StorageGRID versions before 11.9.0.13 and 12.0.0.6 allow authenticated attackers with low privileges to execute arbitrary metrics queries, exposing metric data they lack authorization to access. The vulnerability requires low-privilege authentication and specific timing conditions but poses direct information disclosure risk in multi-tenant or role-restricted deployments where metric visibility should be compartmentalized.

Information Disclosure Storagegrid Formerly Storagegrid Webscale
NVD VulDB
CVSS 4.0
2.3
EPSS
0.0%
EPSS 0% CVSS 2.3
LOW PATCH Monitor

StorageGRID versions before 11.9.0.13 and 12.0.0.6 allow authenticated attackers with low privileges to execute arbitrary metrics queries, exposing metric data they lack authorization to access. The vulnerability requires low-privilege authentication and specific timing conditions but poses direct information disclosure risk in multi-tenant or role-restricted deployments where metric visibility should be compartmentalized.

Information Disclosure Storagegrid Formerly Storagegrid Webscale
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy