NetApp ONTAP ↗
NetApp · Infrastructure
5/100 Critical
Summary iPlain-English security verdict for NetApp ONTAP, generated from its current health score, actively-exploited vulnerabilities, and latest supported version.
NetApp ONTAP currently scores 5/100 — critical. No tracked vulnerabilities are currently known to be exploited in the wild. Upgrade promptly to address the open critical vulnerabilities.
Disclosure trend iNew CVEs published for NetApp ONTAP each year (NVD). A higher bar means more disclosures that year — more scrutiny, not necessarily less safe.
'19
'20
'21
'22
'23
'24
'25
'26
Patch priority — what to act on iThe issues to fix first — actively exploited (CISA KEV) first, then by exploitation probability (EPSS), then severity. Each row's "→ fixed in" is the earliest version that patches it; "see advisory" means no fixed version is published.
Most urgent first — actively exploited, then likeliest to be exploited.
CVE-2024-38472 HIGH Server-side request forgery (SSRF) EPSS 91% → see advisory CVE-2024-38473 HIGH CWE-116 EPSS 89% → see advisory CVE-2024-27316 HIGH Resource exhaustion EPSS 88% → see advisory CVE-2024-6387 HIGH CWE-364 EPSS 66% → see advisory CVE-2025-26465 MEDIUM CWE-390 EPSS 61% → see advisory CVE-2025-1861 CRITICAL CWE-131 EPSS 1% → see advisory CVE-2024-8932 CRITICAL Out-of-bounds write EPSS 0% → see advisoryℹ lifecycle unknown — needs latest supported version