This vulnerability (CVE-2026-0209) in PureStorage FlashArray Purity involves a CWE-783 operator precedence logic error that results in snapshot retention policies being enforced at incorrect times relative to their configuration. The issue occurs under specific administrative conditions and affects versions 5.0.0 through 6.10.0. The CVSS 4.0 base score is 6.9 (medium severity), reflecting network attack vector, low attack complexity, no privileges required beyond high-level administrative, no user interaction, and high impact on integrity. No patch or remediation level has been disclosed by PureStorage, and no known exploitation has been reported.

The impact is that snapshot retention policies may not be applied as intended, potentially leading to premature or delayed deletion of snapshots. This could affect data availability or compliance with retention requirements but does not directly compromise confidentiality or allow unauthorized access. The medium CVSS score reflects moderate risk due to the potential operational impact on data retention.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, administrators should carefully monitor snapshot retention behavior and manually verify that retention policies are being enforced as expected. No vendor advisory or patch information is currently provided, so no official remediation steps can be recommended beyond vigilance.