wid-sec-w-2026-0597 · Published 2026-03-04 · View on BSI CERT-Bund ↗

NetApp Data ONTAP: Vulnerability allows Offenlegung from Informationen

CVSS 5.3 MEDIUM

Risk Summary

ONTAP versions 9.12.1 and higher with S3 NAS buckets are susceptible to an information disclosure vulnerability. Successful exploit could allow an authenticated attacker to view a listing of the contents in a directory for which they lack permission.

CVEs (1)

CVE-2026-22052

Affected Vendors

NetApp

Affected Products (14)

NetApp · Data ONTAP <9.12.1P20

NetApp · Data ONTAP 9.12.1P20

NetApp · Data ONTAP <9.13.1P19

NetApp · Data ONTAP 9.13.1P19

NetApp · Data ONTAP <9.14.1P16

NetApp · Data ONTAP 9.14.1P16

NetApp · Data ONTAP <9.15.1P16

NetApp · Data ONTAP 9.15.1P16

NetApp · Data ONTAP <9.16.1P8

NetApp · Data ONTAP 9.16.1P8

NetApp · Data ONTAP <9.17.1P1

NetApp · Data ONTAP 9.17.1P1

NetApp · Data ONTAP <9.18.1

NetApp · Data ONTAP 9.18.1

Get alerted to advisories like this

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.

Start free trial Learn more