CVE-2026-0603 Hibernate ORM Vulnerability in NetApp Products
Summary
Multiple NetApp products incorporate Hibernate ORM. Hibernate ORM versions 5.2.8 through 5.6.15 are susceptible to a vulnerability which when successfully exploited could lead to disclosure of sensitive information, addition or modification of data, or Denial of Service (DoS). Affected products: Active IQ Unified Manager for Linux, Active IQ Unified Manager for Microsoft Windows, Active IQ Unified Manager for VMware vSphere, ONTAP tools for VMware vSphere 10. NetApp reports that one or more additional products remain under investigation; review the canonical advisory for current status. NetApp states there is no workaround available at this time.
What this means
In plain English
Multiple NetApp products incorporate Hibernate ORM. Hibernate ORM versions 5.2.8 through 5.6.15 are susceptible to a vulnerability which when successfully exploited could lead to disclosure of sensitive information, addition or modification of data, or Denial of Service (DoS). Affected products: Active IQ Unified Manager for Linux, Active IQ Unified Manager for Microsoft Windows, Active IQ Unified Manager for VMware vSphere, ONTAP tools for VMware vSphere 10. NetApp reports that one or more additional products remain under investigation; review the canonical advisory for current status. Information disclosure can expose data available to the affected component beyond its intended authorization boundary.
Vulnerable items
- Active IQ Unified Manager for Linux — Active IQ Unified Manager for Linux is a NetApp management component used to administer connected systems or services.
- Active IQ Unified Manager for Microsoft Windows — Active IQ Unified Manager for Microsoft Windows is a NetApp management component used to administer connected systems or services.
- Active IQ Unified Manager for VMware vSphere — Active IQ Unified Manager for VMware vSphere is a NetApp management component used to administer connected systems or services.
- ONTAP tools for VMware vSphere 10 — NetApp ONTAP is the storage operating system used across NetApp enterprise storage systems.
Recommended action
Primary action: update to a vendor-listed fixed release: Active IQ Unified Manager for Linux: 9.18P2, Active IQ Unified Manager for Microsoft Windows: 9.18P2, Active IQ Unified Manager for VMware vSphere: 9.18P2, ONTAP tools for VMware vSphere 10: 10.5P2. Vendor mitigation: Update affected NetApp products to a fixed release: Active IQ Unified Manager for Linux: 9.18P2, Active IQ Unified Manager for Microsoft Windows: 9.18P2, Active IQ Unified Manager for VMware vSphere: 9.18P2, ONTAP tools for VMware vSphere 10: 10.5P2.
Rewritten locally from the scraped official advisory data above; no generative API is used. The vendor advisory is authoritative.
- 5.2.8
- 5.6.15
Official advisory · high-confidence parse· fetched 2 hours ago·verify at source
- Active IQ Unified Manager for Linux: 9.18P2
- Active IQ Unified Manager for Microsoft Windows: 9.18P2
- Active IQ Unified Manager for VMware vSphere: 9.18P2
- ONTAP tools for VMware vSphere 10: 10.5P2
Official advisory · high-confidence parse· fetched 2 hours ago·verify at source
Mitigation checklist
- Update affected NetApp products to a fixed release: Active IQ Unified Manager for Linux: 9.18P2, Active IQ Unified Manager for Microsoft Windows: 9.18P2, Active IQ Unified Manager for VMware vSphere: 9.18P2, ONTAP tools for VMware vSphere 10: 10.5P2.
Official advisory · high-confidence parse· fetched 2 hours ago·verify at source
Discussion(0)
No comments yet. Share field notes, upgrade gotchas, or questions — verify against the vendor advisory before acting on community advice.
Sign in to join the discussion.