CVE-2025-26514 — MEDIUM (6.4)

Q: How severe is CVE-2025-26514?

CVE-2025-26514 has been rated MEDIUM with a CVSS base score of 6.4/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2025-26514?

Check the references section above for vendor advisories and patch information. Affected products include: Netapp Storagegrid.

Vulnerability Description

StorageGRID (formerly StorageGRID Webscale) versions prior to 11.8.0.15 and 11.9.0.8 are susceptible to a Reflected Cross-Site Scripting vulnerability. Successful exploit could allow an attacker to view or modify configuration settings or add or modify user accounts but requires the attacker to know specific information about the target instance and then trick a privileged user into clicking a specially crafted link.

CVSS Score

6.4

MEDIUM

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:L

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

LOW

Integrity

HIGH

Availability

LOW

Affected Products

Vendor	Product	Versions
Netapp	Storagegrid	< 11.8.0.15

Related Weaknesses (CWE)

CWE-79

References

https://security.netapp.com/advisory/NTAP-20250910-0001Vendor Advisory

FAQ

What is CVE-2025-26514?

CVE-2025-26514 is a vulnerability with a CVSS score of 6.4 (MEDIUM). StorageGRID (formerly StorageGRID Webscale) versions prior to 11.8.0.15 and 11.9.0.8 are susceptible to a Reflected Cross-Site Scripting vulnerability. Successful exploit could allow an attacker to...

How severe is CVE-2025-26514?

CVE-2025-26514 has been rated MEDIUM with a CVSS base score of 6.4/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2025-26514?

Check the references section above for vendor advisories and patch information. Affected products include: Netapp Storagegrid.