CVE-2026-22048
Published: 18 February 2026
Summary
CVE-2026-22048 is a high-severity Server-Side Request Forgery (SSRF, CWE-918) vulnerability in NetApp StorageGRID. Its CVSS v3.1 base score is 7.1 (High).
Operationally, exploitation maps to the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The vulnerability ranks at the 5.1st percentile by exploit likelihood (well below the median), and it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Deeper analysis
CVE-2026-22048 is a Server-Side Request Forgery (SSRF) vulnerability, classified under CWE-918, affecting NetApp StorageGRID (formerly StorageGRID Webscale) versions prior to 11.9.0.12 and 12.0.0.4. The issue arises when Single Sign-on (SSO) is enabled and configured to use Microsoft Entra ID (formerly Azure AD) as the identity provider (IdP). It has a CVSS v3.1 base score of 7.1 (AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H), indicating high availability impact with low integrity impact and no confidentiality impact.
An authenticated attacker with low privileges can exploit this vulnerability over the network with low complexity and no user interaction required. Successful exploitation allows the attacker to delete configuration data or deny access to certain resources, potentially disrupting operations.
NetApp has published security advisory NTAP-20260217-0001 (https://security.netapp.com/advisory/NTAP-20260217-0001), which provides details on mitigation. Upgrading to StorageGRID 11.9.0.12 or 12.0.0.4, whichever fixed build matches the release line in use, resolves the vulnerability.
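Because the fix lands in two release lines and the flaw only matters when SSO is enabled with Entra ID, a fleet triage has to combine a branch-aware version comparison with the configuration precondition. The script below is an added example, not NetApp tooling; the inventory records, grid names and IdP spellings in it are constructed sample data, and how you export version and SSO settings from real grids is left to you.

```python
"""Exposure triage for CVE-2026-22048 across a StorageGRID inventory.

Added example, not NetApp tooling. It encodes the two conditions in the
advisory: a version older than the fixed build for its release line
(11.9.0.12 or 12.0.0.4) and Single Sign-on enabled with Microsoft Entra ID
as the IdP. Inventory records are constructed sample data; how you collect
version and SSO settings from real grids is outside this example.
"""
from dataclasses import dataclass
from typing import Optional, Tuple

# Fixed builds named in NTAP-20260217-0001, keyed by release line.
FIXED = {(11, 9): (11, 9, 0, 12), (12, 0): (12, 0, 0, 4)}
OLDEST_FIXED_LINE = min(FIXED)

# Spellings of the Entra ID IdP type as they might appear in an inventory
# export (assumed; normalise to whatever your own export uses).
ENTRA_ALIASES = {"entra-id", "entra id", "azure-ad", "azure ad", "azuread"}


def parse_version(text: str) -> Tuple[int, ...]:
    """'11.9.0.12' -> (11, 9, 0, 12); tuples compare numerically."""
    return tuple(int(p) for p in text.strip().split("."))


def version_is_vulnerable(text: str) -> Optional[bool]:
    """True if older than the fix for its line, False if at or after it,
    None when the advisory says nothing about that line."""
    v = parse_version(text)
    line = v[:2]
    if line in FIXED:
        return v < FIXED[line]
    if line < OLDEST_FIXED_LINE:
        # Everything before 11.9 is "prior to 11.9.0.12"; the advisory
        # names no fixed build there, so the remedy is to move to a fixed line.
        return True
    return None


@dataclass
class GridRecord:
    name: str
    version: str
    sso_enabled: bool
    idp: str  # IdP type as exported, e.g. "entra-id", "adfs", "none"


def exposure(rec: GridRecord) -> str:
    """'exposed', 'vulnerable-version', 'patched' or 'unknown'."""
    vuln = version_is_vulnerable(rec.version)
    if vuln is None:
        return "unknown"
    if not vuln:
        return "patched"
    if rec.sso_enabled and rec.idp.strip().lower() in ENTRA_ALIASES:
        return "exposed"
    # Vulnerable code is present but the SSO/Entra ID precondition is not
    # met; still schedule the upgrade, since enabling SSO later exposes it.
    return "vulnerable-version"


# Constructed sample inventory (hypothetical grids and versions).
SAMPLE_INVENTORY = [
    GridRecord("grid-a", "11.9.0.11", True, "entra-id"),
    GridRecord("grid-b", "11.9.0.12", True, "entra-id"),
    GridRecord("grid-c", "12.0.0.3", False, "none"),
    GridRecord("grid-d", "12.0.0.4", True, "Azure AD"),
    GridRecord("grid-e", "11.8.0.5", True, "entra-id"),
    GridRecord("grid-f", "12.1.0.1", True, "entra-id"),
]


def triage(inventory=SAMPLE_INVENTORY) -> dict:
    return {rec.name: exposure(rec) for rec in inventory}


if __name__ == "__main__":
    for name, status in triage().items():
        print(f"{name}: {status}")
```

The "unknown" bucket is deliberate: a release line the advisory does not mention should be confirmed against the vendor's text, not silently treated as safe. Likewise "vulnerable-version" records are not exposed today, but they become exposed the moment someone enables SSO with Entra ID, so they belong on the patch schedule.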
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-8066
Vulnerability details
StorageGRID (formerly StorageGRID Webscale) versions prior to 11.9.0.12 and 12.0.0.4 with Single Sign-on enabled and configured to use Microsoft Entra ID (formerly Azure AD) as an IdP are susceptible to a Server-Side Request Forgery (SSRF) vulnerability. Successful exploit could allow an authenticated attacker with low privileges to delete configuration data or deny access to some resources.
- CWE(s): CWE-918 (Server-Side Request Forgery)
Related Threats
MITRE ATT&CK Enterprise Techniques
- Exploit Public-Facing Application (T1190)
Why these techniques?
The SSRF lives in a network-reachable StorageGRID web application, so exploiting it is an instance of exploiting a public-facing (or otherwise remotely reachable) service. Here the payoff is deletion of configuration data or denial of service rather than code execution, and the attacker must already hold a low-privileged authenticated account (PR:L), which narrows the technique to actors who have obtained or been granted such access.
Affected Assets
- NetApp StorageGRID (formerly StorageGRID Webscale), versions prior to 11.9.0.12 and 12.0.0.4, when Single Sign-on is enabled with Microsoft Entra ID (formerly Azure AD) as the IdP
Mitigating Controls (NIST 800-53 r5)
- SI-10 (Information Input Validation): validates untrusted URL or redirect inputs in the SSO/Entra ID flow so that forged server-side requests, the vector for configuration deletion or DoS, are rejected before they are issued.
- Boundary controls on outbound HTTP requests that StorageGRID initiates during SSO, so that a forged request cannot reach internal configuration resources even if input validation is bypassed.
- SI-2 (Flaw Remediation): prompt application of the vendor patches (11.9.0.12 / 12.0.0.4), which eliminate the SSRF flaw in the Entra ID integration.
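The first two controls above describe the same defensive pattern from two sides: validate the destination before the server fetches anything on the user's behalf, and refuse destinations that sit inside your own network. The guard below is an added example and is not StorageGRID code; it shows how an SSO integration can apply both checks to an outbound URL. The IdP host allowlist and the stub DNS table are assumptions so that it runs offline, and the addresses in the stub are constructed.

```python
"""Outbound-request guard for an SSO/IdP integration.

Added example, not StorageGRID code. It shows the generic defences behind
the input-validation and boundary-control entries above: validate the URL
before the server fetches it, allow only the IdP hosts the deployment is
configured for, and refuse destinations that resolve to internal,
loopback, link-local or multicast addresses. The allowlist and the stub
DNS table are assumptions made so the example runs offline.
"""
import ipaddress
from typing import Callable, Iterable, Tuple
from urllib.parse import urlsplit

# Assumed allowlist: in a real deployment derive it from the configured
# IdP metadata rather than hard-coding it.
ALLOWED_IDP_HOSTS = {"login.microsoftonline.com", "graph.microsoft.com"}

# Address ranges an SSO flow has no reason to reach.
BLOCKED_NETS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8",
    "169.254.0.0/16", "172.16.0.0/12", "192.168.0.0/16",
    "224.0.0.0/4", "240.0.0.0/4", "::1/128", "fc00::/7", "fe80::/10",
)]

Resolver = Callable[[str], Iterable[str]]


class SsrfRejected(ValueError):
    """Raised when a URL must not be fetched server-side."""


def is_blocked_address(ip_text: str) -> bool:
    ip = ipaddress.ip_address(ip_text)
    # ::ffff:10.0.0.5 is really 10.0.0.5; check the embedded IPv4 address.
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return any(ip in net for net in BLOCKED_NETS)


def validate_outbound_url(url: str, resolver: Resolver,
                          allowed_hosts=ALLOWED_IDP_HOSTS) -> str:
    """Return the IP address to connect to, or raise SsrfRejected.

    Connect to the returned address and set SNI/Host to the validated
    hostname, so a DNS answer that changes between check and use
    (rebinding) cannot steer the request somewhere else.
    """
    parts = urlsplit(url)
    if parts.scheme != "https":
        raise SsrfRejected(f"scheme not allowed: {parts.scheme!r}")
    if parts.username is not None or parts.password is not None:
        # https://login.microsoftonline.com@10.0.0.1/ targets 10.0.0.1.
        raise SsrfRejected("userinfo in URL")
    host = parts.hostname  # lowercased; brackets stripped from IPv6 literals
    if not host:
        raise SsrfRejected("missing host")
    try:
        port = parts.port
    except ValueError:
        raise SsrfRejected("malformed port") from None
    if port not in (None, 443):
        raise SsrfRejected(f"port not allowed: {port}")
    try:
        ipaddress.ip_address(host)
    except ValueError:
        pass  # a hostname, as expected
    else:
        raise SsrfRejected("IP-literal host bypasses the allowlist")
    name = host.rstrip(".")
    if name not in allowed_hosts:
        raise SsrfRejected(f"host not in IdP allowlist: {host!r}")
    addrs = list(resolver(name))
    if not addrs:
        raise SsrfRejected("host did not resolve")
    for addr in addrs:
        if is_blocked_address(addr):
            raise SsrfRejected(f"{name} resolves to blocked address {addr}")
    return addrs[0]


# Constructed stand-in for DNS so the example runs offline. The second
# entry simulates an allowlisted name that points at an internal host.
STUB_DNS = {
    "login.microsoftonline.com": ["203.0.113.10"],
    "graph.microsoft.com": ["::ffff:10.0.0.5"],
}


def stub_resolver(host: str) -> Iterable[str]:
    return STUB_DNS.get(host, [])


def check(url: str, resolver: Resolver = stub_resolver) -> Tuple[str, str]:
    """('allow', ip) or ('deny', reason) for a candidate outbound URL."""
    try:
        return ("allow", validate_outbound_url(url, resolver))
    except SsrfRejected as exc:
        return ("deny", str(exc))
```

Running `check("https://login.microsoftonline.com/common/oauth2/v2.0/token")` yields an allow decision with the resolved address, while a userinfo trick, an IP-literal host, a non-443 port, a plain-HTTP scheme, or an allowlisted name that resolves into RFC 1918 space is denied. Two things the guard deliberately does not do: it never follows redirects automatically (each Location header must go back through `check`), and it returns the address it validated so the HTTP client can pin the connection to it rather than resolving the name a second time.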