CVE Catalog

CVE-2026-22051

MediumCVSS 4.3
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.18%

8th percentile - higher than 8% of all known CVEs

Summary

A vulnerability in StorageGRID (formerly StorageGRID Webscale) versions prior to 11.9.0.13 and 12.0.0.6 allows an authenticated attacker with low privileges to run arbitrary metrics queries, revealing metric results they do not have access to.

Risk Assessment

The organization is at risk of leaking sensitive metric data, which may include performance, configuration, or other system information, potentially facilitating further attacks.

Recommendation

Immediately upgrade StorageGRID to version 11.9.0.13, 12.0.0.6, or later to remediate the vulnerability.

Original NVD description (English source)

StorageGRID (formerly StorageGRID Webscale) versions prior to 11.9.0.13 and 12.0.0.6 are susceptible to a Information Disclosure vulnerability. Successful exploit could allow an authenticated attacker with low privileges to run arbitrary metrics queries, revealing metric results that they do not have access to.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS