CVE-2026-0209

Summary

Under certain administrative conditions, FlashArray Purity may apply snapshot retention policies earlier or later than configured.

Affected Software

VendorProductVersion RangeStatus
PureStorageFlashArray5.0.0 <= 5.3.21affected
PureStorageFlashArray6.0.0 <= 6.4.10affected
PureStorageFlashArray6.5.0 <= 6.5.12affected
PureStorageFlashArray6.6.0 <= 6.6.11affected
PureStorageFlashArray6.7.0 <= 6.7.6affected
PureStorageFlashArray6.8.0 <= 6.8.9affected
PureStorageFlashArray6.9.0 <= 6.9.1affected
PureStorageFlashArray6.10.0affected

Weaknesses

  • CWE-783: CWE-783 Operator precedence logic error

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References