NetApp ONTAP Snapshot Expiry Manipulation Vulnerability

Vulnerability

A vulnerability exists in NetApp ONTAP versions 9.16.1 prior to 9.16.1P9 and 9.17.1 prior to 9.17.1P2, when snapshot locking is enabled. This vulnerability could allow a privileged remote attacker to change the snapshot expiry time to none.

Impact

Exploitation of this vulnerability could lead to indefinite retention of snapshots, potentially causing storage management issues or excessive use of storage resources.

Added: Jan 12, 2026, 6:19 PM

Updated: Jan 12, 2026, 6:19 PM

Vulnerability Rating

Custom Algorithm

spread

5.7

impact

0.6

exploitability

4.9

remediation

0.0

relevance

2.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

5.7

impact

0.6

exploitability

4.9

remediation

0.0

relevance

2.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

NetApp ONTAP Snapshot Expiry Manipulation Vulnerability

Vulnerability

Impact

Affected Products

NetApp ONTAP

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating