CVE-2026-22050

🔶 medium

Summary

ONTAP versions 9.16.1 prior to 9.16.1P9 and 9.17.1 prior to 9.17.1P2 with snapshot locking enabled are susceptible to a vulnerability which could allow a privileged remote attacker to set the snapshot expiry time to none.

CVSS Score

4.3

Medium

EPSS Score

0.0

Exploit Probability

Published Date

2026-01-12

First Seen: 2026-01-17

Last Modified 2026-01-22

Source NVD 🔗

CVSS Vector 3.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

CVSS Vector 4.0

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CWE IDs (Weakness Types)

CWE-639

🔗 References 1

https://security.netapp.com/advisory/NTAP-20260112-0001

Vendor Advisory

📦 Affected Products 2

Vendor	Product	Status	Affected Versions
netapp	ontap	Affected	v9.16.1
netapp	ontap	Affected	v9.17.1

🔗 Related CVEs 6

CVE ID	Severity	CVSS	EPSS	Summary	Published
CVE-2025-1734	🔶 medium	5.3	0.4	In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when recei...	2025-03-30
CVE-2025-1736	⚠️ high	7.3	0.7	In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when user-...	2025-03-30
CVE-2025-1861	⛔ critical	9.8	0.9	In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when parsi...	2025-03-30
CVE-2024-56171	⚠️ high	7.8	0.1	libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a use-after-free in xmlSchemaIDCFillNodeTables and xmlSchemaBubbleID...	2025-02-18
CVE-2025-26465	🔶 medium	6.8	64.4	A vulnerability was found in OpenSSH when the VerifyHostKeyDNS option is enabled. A machine-in-the-middle attack can be ...	2025-02-18
CVE-2025-24928	⚠️ high	7.8	0.0	libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a stack-based buffer overflow in xmlSnprintfElements in valid.c. To ...	2025-02-18

These CVEs affect the same products