CVE-2026-22795 OpenSSL Vulnerability in NetApp Products
Summary
Multiple NetApp products incorporate OpenSSL. OpenSSL versions 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1. are susceptible to a vulnerability which when successfully exploited could lead to Denial of Service (DoS). Successful exploitation of this vulnerability could lead to Denial of Service (DoS). <br><br> NetApp Manageability SDK:<br> OpenSSL was removed in 9.8P8. Affected products: Brocade SAN Navigator (SANnav), Management Services for Element Software and NetApp HCI, NetApp Console Agent Container (cbs-backend), NetApp HCI Baseboard Management Controller (BMC) - H610S, NetApp LOADER 8.x, ONTAP 9. NetApp reports that one or more additional products remain under investigation; review the canonical advisory for current status. NetApp states there is no workaround available at this time.
- ONTAP 9: 9.13.1P21
- ONTAP 9: 9.15.1P19
- ONTAP 9: 9.16.1P13
- ONTAP 9: 9.17.1P6
- ONTAP 9: 9.18.1P2
Official advisory · high-confidence parse· fetched 3 hours ago·verify at source
Mitigation checklist
- Update affected NetApp products to a fixed release: ONTAP 9: 9.13.1P21, ONTAP 9: 9.15.1P19, ONTAP 9: 9.16.1P13, ONTAP 9: 9.17.1P6, ONTAP 9: 9.18.1P2.
- NetApp HCI Baseboard Management Controller (BMC) - H610S has no planned fix; migrate to a supported release or product and consult NetApp's end-of-support notice.
Official advisory · high-confidence parse· fetched 3 hours ago·verify at source
Discussion(0)
No comments yet. Share field notes, upgrade gotchas, or questions — verify against the vendor advisory before acting on community advice.
Sign in to join the discussion.