Vulnerability ID: CVE-2026-22048 Advisory ID: NTAP-20260217-0001 Affected Product: StorageGRID (formerly StorageGRID Webscale) Vulnerable Versions: prior to 11.9.0.12 and 12.0.0.4 with Single Sign-on enabled and configured to use Microsoft Entra ID (formerly Azure AD) as an IdP Vulnerability Type: Server-Side Request Forgery (SSRF) Impact: Successful exploit could allow an authenticated attacker with low privileges to delete configuration data or deny access to some resources CVSS Score: 7.1 (HIGH) CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H Public Discussion: NetApp is aware of public discussion of this vulnerability References: NetApp will continue to update this advisory as additional information becomes available