2,517 CVEs

39 in CISA KEV

netapp Vulnerabilities

CVE security advisories and vulnerability history for netapp.

2,517

Total CVEs

Published

39

In CISA KEV

Exploited in the wild

267

Public exploits

With known exploit

6.0

Avg CVSS

2007–2026

Overview

netapp has 2,517 published CVE records since 2007, of which 39 are in CISA's Known Exploited Vulnerabilities catalog and 267 have a known public exploit. The average CVSS base score across scored CVEs is 6.0.

This page aggregates every publicly disclosed vulnerability (CVE) affecting netapp products, with severity breakdowns, the most-affected products, the most common weakness types, and the latest disclosures.

Severity and exploitation

How the CVSS severity of netapp's CVEs breaks down, plus how many are exploited in the wild or have public exploit code.

Critical64

High336

Medium839

Low125

1,153 additional CVEs have no CVSS severity score.

In CISA’s Known Exploited Vulnerabilities catalog

39

39 of netapp's CVEs are confirmed exploited in the wild.

Public exploits

267

267 of netapp's CVEs have a known public exploit available.

Most affected products

The netapp products with the most published CVEs.

oncommand insight971 CVEs
debian linux872 CVEs
active iq unified manager848 CVEs
oncommand workflow automation743 CVEs
fedora681 CVEs
MySQL Server613 CVEs
snapcenter577 CVEs
mysql-server571 CVEs

Common weakness types

The CWE weakness categories most often found in netapp CVEs. Follow any weakness for its full explanation.

CNAs that assign these CVEs

The CVE Numbering Authorities that publish netapp CVE records.

Disclosure activity by year

How many netapp CVEs were published each year.

2019

325

2020

388

2021

547

2022

503

2023

196

2024

166

2025

38

2026

4

Latest netapp CVEs

The most recently disclosed vulnerabilities affecting netapp.

Low vulnerability · 2026-04-20
CWE-200
Low · CVSS 2.3
EPSS 0.1%2026-04-20
Medium vulnerability · 2026-03-04
CWE-209
Medium · CVSS 5.3
EPSS 0.0%2026-03-04
High vulnerability · 2026-02-17
CWE-918
High · CVSS 7.1
EPSS 0.0%2026-02-17
Medium vulnerability · 2026-01-12
CWE-639
Medium · CVSS 6.9
EPSS 0.1%2026-01-12
CVE-2025-26517 Privilege Escalation Vulnerability in StorageGRID (formerly StorageGRID Webscale)
CWE-266
Medium · CVSS 5.4
EPSS 0.0%2025-09-19
CVE-2025-26516 Denial of Service Vulnerability in StorageGRID (formerly StorageGRID Webscale)
CWE-405
Medium · CVSS 5.3
EPSS 0.1%2025-09-19
CVE-2025-26515 Server-Side Request Forgery Vulnerability in StorageGRID (formerly StorageGRID Webscale)
CWE-918
High · CVSS 7.5
EPSS 0.0%2025-09-19
CVE-2025-26514 Reflected Cross-Site Scripting Vulnerability in StorageGRID (formerly StorageGRID Webscale)
CWE-79
Medium · CVSS 6.4
EPSS 0.0%2025-09-19
High vulnerability · 2025-08-07
CWE-269
High · CVSS 7.0
EPSS 0.0%2025-08-07
Apache HttpComponents: PSL (Public Suffix List) validation bypass
CWE-295
High · CVSS 7.5
EPSS 0.1%2025-04-24
Medium vulnerability · 2025-04-15
Medium · CVSS 5.3
EPSS 1.0%2025-04-15
Medium vulnerability · 2025-04-15
CWE-284
Medium · CVSS 4.8
EPSS 0.1%2025-04-15

Track new netapp CVEs as they are disclosed and get AI-written analysis and remediation guidance.

Monitor netapp CVEs

Other vendors

Browse vulnerabilities for other tracked vendors.

apache2,972 CVEs Qualcomm, Inc.2,934 CVEs hp2,526 CVEs qualcomm2,477 CVEs Huawei2,355 CVEs PyPI2,258 CVEs Android2,026 CVEs SourceCodester1,968 CVEs

Browse all vendors

Frequently asked questions

Common questions about netapp vulnerabilities.

How many CVEs does netapp have?

netapp has 2,517 published CVE records since 2007, including 42 in the last two years.

How many netapp CVEs are in CISA KEV?

Yes — 39 of netapp's CVEs are listed in CISA's Known Exploited Vulnerabilities catalog, confirmed exploited in the wild and carrying a CISA remediation deadline.

Which netapp products have the most CVEs?

The netapp products with the most published CVEs are oncommand insight, debian linux, active iq unified manager, oncommand workflow automation, fedora.

What are the most common weakness types in netapp CVEs?

netapp's CVEs most often map to these CWE weakness types: CWE-416 (Use After Free), CWE-400 (Uncontrolled Resource Consumption), CWE-502 (Deserialization of Untrusted Data), CWE-787 (Out-of-bounds Write).

Are there public exploits for netapp vulnerabilities?

Yes — 267 of netapp's CVEs have a known public exploit.

How many critical netapp vulnerabilities are there?

netapp has 64 critical and 336 high-severity CVEs.

What is the average severity of netapp CVEs?

The average CVSS base score across netapp's scored CVEs is 6.0.

References

Vulnerability data is sourced from the CVE Program; severity, KEV, and exploit signals are aggregated by RadicalNotion.AI.

Track netapp vulnerabilities

Monitor new netapp vulnerabilities as they are disclosed, with AI-written analysis and remediation guidance.

Start free See pricing