Unrated severityNVD Advisory· Published Aug 12, 2025· Updated Feb 26, 2026

SolarWinds Database Performance Analyzer Hard-coded Cryptographic Key Vulnerability

CVE-2025-26398

Description

SolarWinds Database Performance Analyzer was found to contain a hard-coded cryptographic key. If exploited, this vulnerability could lead to a machine-in-the-middle (MITM) attack against users. This vulnerability requires additional software not installed by default, local access to the server and administrator level privileges on the host.

Affected products

SolarWinds/Database Performance Analyzerllm-create
SolarWinds/Database Performance Analyzerv5
Range: 2025.2 and below

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

documentation.solarwinds.com/en/success_center/dpa/content/release_notes/dpa_2025-3_release_notes.htmmitre
www.solarwinds.com/trust-center/security-advisories/CVE-2025-26398mitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000