CVE-2026-25679 Golang Vulnerability in NetApp Products
Summary
Multiple NetApp products incorporate Golang. Golang versions prior to 1.25.8 and 1.26.0-0 prior to go1.26.1 are susceptible to a vulnerability which when successfully exploited could lead to Denial of Service (DoS). Successful exploitation of this vulnerability could lead to Denial of Service (DoS). Affected products: Astra Control Center, Astra Control Center - NetApp Kubernetes Monitoring Operator, NetApp Kubernetes Monitoring Operator, ONTAP tools for VMware vSphere 10, Trident, Trident Protect. NetApp reports that one or more additional products remain under investigation; review the canonical advisory for current status. NetApp states there is no workaround available at this time.
What this means
In plain English
Multiple NetApp products incorporate Golang. Golang versions prior to 1.25.8 and 1.26.0-0 prior to go1.26.1 are susceptible to a vulnerability which when successfully exploited could lead to Denial of Service (DoS). Successful exploitation of this vulnerability could lead to Denial of Service (DoS). Affected products: Astra Control Center, Astra Control Center - NetApp Kubernetes Monitoring Operator, NetApp Kubernetes Monitoring Operator, ONTAP tools for VMware vSphere 10, Trident, Trident Protect. NetApp reports that one or more additional products remain under investigation; review the canonical advisory for current status. Successful exploitation can interrupt the affected service or exhaust resources, reducing availability until the component recovers.
Vulnerable items
- Astra Control Center - NetApp Kubernetes Monitoring Operator — Kubernetes orchestrates containerized applications across clusters of compute nodes.
- ONTAP tools for VMware vSphere 10 — NetApp ONTAP is the storage operating system used across NetApp enterprise storage systems.
- Trident Protect
Recommended action
Primary action: update to a vendor-listed fixed release: ONTAP tools for VMware vSphere 10: 10.5P2, Trident: 02.1, Trident Protect: 26.06. Vendor mitigation: Update affected NetApp products to a fixed release: ONTAP tools for VMware vSphere 10: 10.5P2, Trident: 02.1, Trident Protect: 26.06. Astra Control Center has no planned fix; migrate to a supported release or product and consult NetApp's end-of-support notice. Astra Control Center - NetApp Kubernetes Monitoring Operator has no planned fix; migrate to a supported release or product and consult NetApp's end-of-support notice. Trident Protect: Fixed in version 26.06.
Rewritten locally from the scraped official advisory data above; no generative API is used. The vendor advisory is authoritative.
- 1.25.8
- 1.26.0-0
- 26.1
Official advisory · high-confidence parse· fetched 2 hours ago·verify at source
- ONTAP tools for VMware vSphere 10: 10.5P2
- Trident: 02.1
- Trident Protect: 26.06
Official advisory · high-confidence parse· fetched 2 hours ago·verify at source
Mitigation checklist
- Update affected NetApp products to a fixed release: ONTAP tools for VMware vSphere 10: 10.5P2, Trident: 02.1, Trident Protect: 26.06.
- Astra Control Center has no planned fix; migrate to a supported release or product and consult NetApp's end-of-support notice.
- Astra Control Center - NetApp Kubernetes Monitoring Operator has no planned fix; migrate to a supported release or product and consult NetApp's end-of-support notice.
- Trident Protect: Fixed in version 26.06.
Official advisory · high-confidence parse· fetched 2 hours ago·verify at source
Discussion(0)
No comments yet. Share field notes, upgrade gotchas, or questions — verify against the vendor advisory before acting on community advice.
Sign in to join the discussion.