3 advisories tracked · NetApp Product Security Advisories (PSIRT) · direct feeds checked every minute; rate-limited backstops use a safe source cadence
Pick your product and enter the exact software release it runs. We match it against the affected/fixed versions in NetApp's recent advisories.
NetApp Product Security Advisories (PSIRT)
Polled through NetApp Product Security's official advisory API. It supplies the canonical NTAP advisory ID, NetApp-calculated CVSS, affected and investigating products, remediation releases, workarounds and revision dates without relying on a third-party keyword search.
Visit NetApp security advisoriesMultiple NetApp products incorporate OpenSSL. OpenSSL versions 4.0, 3.6, 3.5, 3.4, and 3.0 are susceptible to a vulnerability which when successfully exploited could lead to disclosure of sensitive information. Successful exploitation of this vulnerability could lead to disclosure of sensitive information. Affected products: FAS/AFF Baseboard Management Controller (BMC) - 8300/8700/A400/C400, NetApp Console Agent Container (adc), NetApp Console Agent Container (cbs), NetApp Console Agent Container (cbs-backend), ONTAP Select Deploy administration utility. NetApp reports that one or more additional products remain under investigation; review the canonical advisory for current status. NetApp states there is no workaround available at this time.
Multiple NetApp products incorporate OpenSSL. OpenSSL versions 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1. are susceptible to a vulnerability which when successfully exploited could lead to Denial of Service (DoS). Successful exploitation of this vulnerability could lead to Denial of Service (DoS). <br><br> NetApp Manageability SDK:<br> OpenSSL was removed in 9.8P8. Affected products: Brocade SAN Navigator (SANnav), Management Services for Element Software and NetApp HCI, NetApp Console Agent Container (cbs-backend), NetApp HCI Baseboard Management Controller (BMC) - H610S, NetApp LOADER 8.x, ONTAP 9. NetApp reports that one or more additional products remain under investigation; review the canonical advisory for current status. NetApp states there is no workaround available at this time.
Multiple NetApp products incorporate the Oracle Java Platform, Standard Edition (Java SE). Java SE versions 8u471, 8u471-b50, 8u471-perf, 11.0.29, 17.0.17, 21.0.9, and 25.0.1 are susceptible to vulnerabilities that could allow an unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE. Refer to “Oracle Critical Patch Update Advisory - January 2026” for additional details. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE accessible data as well as unauthorized read access to a subset of Oracle Java SE accessible data, unauthorized creation, deletion or modification access to critical data or all Oracle Java SE accessible data, and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Java SE. <br><br> OnCommand Insight:<br> Affected by only CVE-2026-21925 and CVE-2026-21933. <br> Data Infrastructure Insights Storage Workload Security Agent:<br> Affected by only CVE-2026-21933. Affected products: Active IQ Unified Manager for VMware vSphere, Data Infrastructure Insights and Data Secure Storage Workload Security Agent, NetApp Console Agent, OnCommand Insight. NetApp reports that one or more additional products remain under investigation; review the canonical advisory for current status.