CVE-2025-26514
BaseFortify
Publication date: 2025-09-19
Last updated on: 2025-09-23
Assigner: NetApp, Inc.
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| netapp | storagegrid | to 11.8.0.15 (exc) |
| netapp | storagegrid | From 11.9.0 (inc) to 11.9.0.8 (exc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a Reflected Cross-Site Scripting (XSS) issue in StorageGRID versions prior to 11.8.0.15 and 11.9.0.8. An attacker who knows specific information about the target instance can trick a privileged user into clicking a specially crafted link, which could then allow the attacker to view or modify configuration settings or add or modify user accounts.
How can this vulnerability impact me?
If exploited, this vulnerability could allow an attacker to view or change configuration settings or add or modify user accounts in the affected StorageGRID system. This could lead to unauthorized access, changes to system configurations, or privilege escalation, potentially compromising the security and integrity of the system.