Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-26514

StorageGRID (formerly StorageGRID Webscale) versions prior to 11.8.0.15 and 11.9.0.8 are susceptible to a Reflected Cross-Site Scripting vulnerability. Successful exploit could allow an attacker to view or modify configuration settings or add or modify user accounts but requires the attacker to know specific information about the target instance and then trick a privileged user into clicking a specially crafted link.

Published

2025-09-19T19:15:38.367

Last Modified

2025-09-23T14:32:00.057

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 6.4 (MEDIUM)

Weaknesses

Type: Secondary
CWE-79

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	netapp	storagegrid	< 11.8.0.15	Yes
Application	netapp	storagegrid	< 11.9.0.8	Yes

References

https://security.netapp.com/advisory/NTAP-20250910-0001 Vendor Advisory ([email protected])