Vendor scorecard
NetApp
NetApp security disclosure record — CVE volume, CVSS severity mix and product-category breakdown, sourced from the NIST NVD.
CPE: netapp
Product families
3
Open in latest
1,106
Inferred — see methodology
Last disclosure
Sep 19, 2025
01
Product categories
3 trackedCVE volume, severity mix and the inferred latest shipping version per category.
| Category | CVEs | Volume | Severity mix | Open | Inferred latest |
|---|---|---|---|---|---|
| StorageGRIDstoragegrid, storagegrid_webscale | 4 | 52 | 11.9.0.8HIGH | ||
| ONTAPdata_ontap, clustered_data_ontap, ontap_select_deploy_administration_utility | 0 | 361 | 9.14.1MED | ||
| OnCommand / ManagementNetwork Management & Monitoringoncommand_unified_manager_core_package, oncommand_system_manager, oncommand_workflow_automation… | 0 | 751 | 4.1MED |
02
Recent CVEs
4 shownMost recently published, newest first. Each ID links to its NVD record.
| CVE | Severity | CVSS | Summary | Published |
|---|---|---|---|---|
| CVE-2025-26517(opens NVD record) | Medium | 5.4 | StorageGRID (formerly StorageGRID Webscale) versions prior to 11.8.0.15 and 11.9.0.8 are susceptible to a privilege escalation vulnerability. Successful exploit could allow an unauthorized authenticated attacker to discover Grid node names and IP addresses or modify Storage Grades. | Sep 19, 2025 |
| CVE-2025-26516(opens NVD record) | Medium | 5.3 | StorageGRID (formerly StorageGRID Webscale) versions prior to 11.8.0.15 and 11.9.0.8 are susceptible to a Denial of Service vulnerability. Successful exploit could allow an unauthenticated attacker to cause a Denial of Service on the Admin node. | Sep 19, 2025 |
| CVE-2025-26515(opens NVD record) | High | 7.5 | StorageGRID (formerly StorageGRID Webscale) versions prior to 11.8.0.15 and 11.9.0.8 without Single Sign-on enabled are susceptible to a Server-Side Request Forgery (SSRF) vulnerability. Successful exploit could allow an unauthenticated attacker to change the password of any Grid Manager or Tenant Manager non-federated user. | Sep 19, 2025 |
| CVE-2025-26514(opens NVD record) | Medium | 6.4 | StorageGRID (formerly StorageGRID Webscale) versions prior to 11.8.0.15 and 11.9.0.8 are susceptible to a Reflected Cross-Site Scripting vulnerability. Successful exploit could allow an attacker to view or modify configuration settings or add or modify user accounts but requires the attacker to know specific information about the target instance and then trick a privileged user into clicking a specially crafted link. | Sep 19, 2025 |
4 CVEs · 3 product families