By vendor

Netapp vulnerabilities

Known CVEs affecting Netapp products, prioritized by severity, with SEC.co remediation and detection guidance.

2 published vulnerabilities

  • CVE-2026-22054HIGH 8.8

    NetApp Active IQ Config Advisor version 6.7.3 contains hard-coded credentials embedded in the application code. An attacker with valid login credentials—even with minimal user privileges—can exploit these hard-coded credentials to perform AutoSupport operations without authorization. AutoSupport is a critical diagnostic and support feature that transmits sensitive system configuration and performance data to NetApp; unauthorized use could lead to data exfiltration, system misconfiguration, or support channel manipulation.

  • CVE-2026-22055HIGH 8.8

    Active IQ OneCollect version 2.7.3 contains hard-coded credentials embedded in the application. An authenticated user with basic network access can exploit these credentials to perform unauthorized AutoSupport operations—potentially exfiltrating sensitive system telemetry, configuration data, or triggering unwanted support actions. The vulnerability requires an attacker to already have valid credentials to an affected system, but once authenticated, the hard-coded secrets bypass normal access controls and allow privilege escalation to perform high-impact operations.