Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-26515

StorageGRID (formerly StorageGRID Webscale) versions prior to 11.8.0.15 and 11.9.0.8 without Single Sign-on enabled are susceptible to a Server-Side Request Forgery (SSRF) vulnerability. Successful exploit could allow an unauthenticated attacker to change the password of any Grid Manager or Tenant Manager non-federated user.

Published

2025-09-19T19:15:38.540

Last Modified

2025-09-23T14:31:27.840

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 7.5 (HIGH)

Weaknesses

Type: Secondary
CWE-918

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	netapp	storagegrid	< 11.8.0.15	Yes
Application	netapp	storagegrid	< 11.9.0.8	Yes

References

https://security.netapp.com/advisory/NTAP-20250910-0002 Vendor Advisory ([email protected])