CVE-2025-26515

StorageGRID (formerly StorageGRID Webscale) is affected by CVE-2025-26515, a Server-Side Request Forgery (SSRF) in versions prior to 11.8.0.15 and 11.9.0.8 when Single Sign-On is not enabled. An unauthenticated attacker could change the password of any Grid Manager or Tenant Manager non-federated...

CVE-2025-26515 CVE-2025-26515 Server-Side Request Forgery Vulnerability in StorageGRID (formerly StorageGRID Webscale)

StorageGRID formerly StorageGRID Webscale versions prior to 11.8.0.15 and 11.9.0.8 without Single Sign-on enabled are susceptible to a Server-Side Request Forgery SSRF vulnerability. Successful exploit could allow an unauthenticated attacker to change the password of any Grid Manager or Tenant...

CVE-2025-26515 CVE-2025-26515 Server-Side Request Forgery Vulnerability in StorageGRID (formerly StorageGRID Webscale)

StorageGRID formerly StorageGRID Webscale versions prior to 11.8.0.15 and 11.9.0.8 without Single Sign-on enabled are susceptible to a Server-Side Request Forgery SSRF vulnerability. Successful exploit could allow an unauthenticated attacker to change the password of any Grid Manager or Tenant...

PT-2025-38590

Name of the Vulnerable Software and Affected Versions StorageGRID versions prior to 11.8.0.15 StorageGRID versions prior to 11.9.0.8 Description StorageGRID formerly StorageGRID Webscale is susceptible to a Server-Side Request Forgery SSRF issue. A successful exploit could allow an unauthenticate...