{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-22050", "assignerOrgId": "11fdca00-0482-4c88-a206-37f9c182c87d", "state": "PUBLISHED", "assignerShortName": "netapp", "dateReserved": "2026-01-05T22:47:18.701Z", "datePublished": "2026-01-12T17:15:07.484Z", "dateUpdated": "2026-01-13T17:30:51.952Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "ONTAP 9", "vendor": "NETAPP", "versions": [{"lessThan": "9.16.1P9", "status": "affected", "version": "9.16.1", "versionType": "custom"}, {"lessThan": "9.17.1P2", "status": "affected", "version": "9.17.1", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "ONTAP versions 9.16.1 prior to 9.16.1P9 and 9.17.1 prior to 9.17.1P2 with snapshot locking enabled are susceptible to a vulnerability which could allow a privileged remote attacker to set the snapshot expiry time to none."}], "value": "ONTAP versions 9.16.1 prior to 9.16.1P9 and 9.17.1 prior to 9.17.1P2 with snapshot locking enabled are susceptible to a vulnerability which could allow a privileged remote attacker to set the snapshot expiry time to none."}], "metrics": [{"cvssV4_0": {"attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "baseScore": 6.9, "baseSeverity": "MEDIUM", "exploitMaturity": "NOT_DEFINED", "privilegesRequired": "HIGH", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"description": "639", "lang": "en"}]}], "providerMetadata": {"orgId": "11fdca00-0482-4c88-a206-37f9c182c87d", "shortName": "netapp", "dateUpdated": "2026-01-12T17:15:07.484Z"}, "references": [{"url": "https://security.netapp.com/advisory/NTAP-20260112-0001"}], "source": {"advisory": "NTAP-20260112-0001", "discovery": "EXTERNAL"}, "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-639", "lang": "en", "description": "CWE-639 Authorization Bypass Through User-Controlled Key"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-01-12T17:36:52.693542Z", "id": "CVE-2026-22050", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-13T17:30:51.952Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-22050", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-01-12T17:36:52.693542Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-639", "description": "CWE-639 Authorization Bypass Through User-Controlled Key"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-12T17:36:56.967Z"}}], "cna": {"source": {"advisory": "NTAP-20260112-0001", "discovery": "EXTERNAL"}, "metrics": [{"format": "CVSS", "cvssV4_0": {"version": "4.0", "baseScore": 6.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "HIGH", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "NETAPP", "product": "ONTAP 9", "versions": [{"status": "affected", "version": "9.16.1", "lessThan": "9.16.1P9", "versionType": "custom"}, {"status": "affected", "version": "9.17.1", "lessThan": "9.17.1P2", "versionType": "custom"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://security.netapp.com/advisory/NTAP-20260112-0001"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "ONTAP versions 9.16.1 prior to 9.16.1P9 and 9.17.1 prior to 9.17.1P2 with snapshot locking enabled are susceptible to a vulnerability which could allow a privileged remote attacker to set the snapshot expiry time to none.", "supportingMedia": [{"type": "text/html", "value": "ONTAP versions 9.16.1 prior to 9.16.1P9 and 9.17.1 prior to 9.17.1P2 with snapshot locking enabled are susceptible to a vulnerability which could allow a privileged remote attacker to set the snapshot expiry time to none.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "639"}]}], "providerMetadata": {"orgId": "11fdca00-0482-4c88-a206-37f9c182c87d", "shortName": "netapp", "dateUpdated": "2026-01-12T17:15:07.484Z"}}}, "cveMetadata": {"cveId": "CVE-2026-22050", "state": "PUBLISHED", "dateUpdated": "2026-01-13T17:30:51.952Z", "dateReserved": "2026-01-05T22:47:18.701Z", "assignerOrgId": "11fdca00-0482-4c88-a206-37f9c182c87d", "datePublished": "2026-01-12T17:15:07.484Z", "assignerShortName": "netapp"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:netapp:ontap:9.16.1:-:*:*:*:*:*:*", "matchCriteriaId": "3F4EEB2C-B5F1-4FC0-BDCA-FC5D479A3D2D", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:ontap:9.16.1:p1:*:*:*:*:*:*", "matchCriteriaId": "8503543F-FF0B-40DE-8073-5981BB4C417F", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:ontap:9.16.1:p2:*:*:*:*:*:*", "matchCriteriaId": "03D060CA-5C40-4300-897A-D61F0CE3903E", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:ontap:9.16.1:p3:*:*:*:*:*:*", "matchCriteriaId": "6487FE18-83D0-4FB4-B03B-1F40E3C683DB", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:ontap:9.16.1:p4:*:*:*:*:*:*", "matchCriteriaId": "642705FE-F97A-4371-B10D-682750C5C918", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:ontap:9.16.1:p5:*:*:*:*:*:*", "matchCriteriaId": "EACF23BF-CDD4-45C4-A60D-F2A020E243DF", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:ontap:9.16.1:p6:*:*:*:*:*:*", "matchCriteriaId": "4ECC94D1-F228-45FD-9AE3-EA29AA76CC9B", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:ontap:9.16.1:p7:*:*:*:*:*:*", "matchCriteriaId": "05D4E5E5-9F21-42B5-9793-9107F7F0A769", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:ontap:9.16.1:p8:*:*:*:*:*:*", "matchCriteriaId": "6B40BBA5-F1A6-459F-8445-855F522B26A2", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:ontap:9.17.1:-:*:*:*:*:*:*", "matchCriteriaId": "84FA12AE-00D5-4BAC-90D1-0B2003487DE9", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:ontap:9.17.1:p1:*:*:*:*:*:*", "matchCriteriaId": "B98EBF4C-1A89-488C-B6C7-7306DA6867E4", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "ONTAP versions 9.16.1 prior to 9.16.1P9 and 9.17.1 prior to 9.17.1P2 with snapshot locking enabled are susceptible to a vulnerability which could allow a privileged remote attacker to set the snapshot expiry time to none."}], "id": "CVE-2026-22050", "lastModified": "2026-01-22T17:58:22.053", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 6.9, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "HIGH", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "security-alert@netapp.com", "type": "Secondary"}]}, "published": "2026-01-12T18:15:48.983", "references": [{"source": "security-alert@netapp.com", "tags": ["Vendor Advisory"], "url": "https://security.netapp.com/advisory/NTAP-20260112-0001"}], "sourceIdentifier": "security-alert@netapp.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-639"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-18T07:01:48.754753+00:00", "value": {"mitigation_remediation": ["Upgrade the affected ONTAP installations to version 9.16.1P9 or 9.17.1P2 or later.", "Disable snapshot locking until the patch is applied.", "Implement storage usage monitoring to detect anomalous growth of snapshots."], "summary": {"action": "Patch", "impact": "Privilege Escalation"}, "threat_synthesis": {"affected_systems": "NetApp ONTAP 9.16.1 versions prior to P9 and 9.17.1 versions prior to P2, when snapshot locking is enabled.", "description_and_impact": "The vulnerability allows a privileged remote attacker to configure snapshot expiration to none on NetApp ONTAP 9, meaning snapshots will never be automatically purged. This can lead to unbounded growth of stored data, potentially exhausting storage capacity and violating retention policies. The weakness is a lack of proper access control, represented by CWE\u2011639.", "risk_and_exploitability": "The CVSS score of 6.9 indicates a medium risk level. The EPSS score of less than 1% shows a very low probability of exploitation at present. The vulnerability is not yet listed in the CISA KEV catalog. It requires a privileged user with network access to the ONTAP management interface; the attacker must be able to send configuration commands over the network. Because of the limited target scope, the potential impact is confined to environments using these specific ONTAP releases."}}}}, "created": "2026-01-13T09:27:28.191944+00:00", "title": "Privilege Escalation via Snapshot Expiry Misconfiguration in NetApp ONTAP 9", "updated": "2026-04-18T07:15:25.845903+00:00", "vendors": ["netapp", "netapp$PRODUCT$ontap_9"]}