CVE-2026-22051
MediumCVSS 4.3Exploitation Probability (EPSS)
Low risk8th percentile - higher than 8% of all known CVEs
Summary
A vulnerability in StorageGRID (formerly StorageGRID Webscale) versions prior to 11.9.0.13 and 12.0.0.6 allows an authenticated attacker with low privileges to run arbitrary metrics queries, revealing metric results they do not have access to.
Risk Assessment
The organization is at risk of leaking sensitive metric data, which may include performance, configuration, or other system information, potentially facilitating further attacks.
Recommendation
Immediately upgrade StorageGRID to version 11.9.0.13, 12.0.0.6, or later to remediate the vulnerability.
Original NVD description (English source)
StorageGRID (formerly StorageGRID Webscale) versions prior to 11.9.0.13 and 12.0.0.6 are susceptible to a Information Disclosure vulnerability. Successful exploit could allow an authenticated attacker with low privileges to run arbitrary metrics queries, revealing metric results that they do not have access to.

