CVE-2026-28301
Description
A vulnerability in SolarWinds Platform allows an attacker to craft a URL that redirects users to an unintended website, potentially leading to phishing attacks.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
A vulnerability exists in the SolarWinds Platform where a crafted external URL can redirect a user to an unintended website. The specific conditions or configurations required for this vulnerability to be triggered are not detailed in the available references. Affected versions are not explicitly mentioned.
Exploitation
An attacker could provide a specially crafted external URL to a user. If the user clicks on this URL, they may be redirected to a website controlled by the attacker, potentially for phishing purposes. No specific authentication or user interaction details beyond clicking a link are provided in the references.
Impact
Successful exploitation of this vulnerability could lead to a user being redirected to an unintended website. This could facilitate phishing attacks, where users might be tricked into revealing sensitive information or performing malicious actions on a fraudulent site. The scope of impact is limited to users who interact with the crafted URL.
Mitigation
Reference [1] lists release notes for SolarWinds Observability Self-Hosted 2026.2, which may contain fixes for various issues, but does not explicitly mention this vulnerability. Reference [2] provides general security best practices for the SolarWinds Platform, recommending the installation of the latest versions and hotfixes. Reference [3] is a security advisory page that does not provide specific mitigation details. No fixed version or explicit workaround is disclosed in the available references.
AI Insight generated on Jun 9, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products (1)
Patches (0)
No patches discovered yet.
Vulnerability mechanics
No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.
References (3)
News mentions (0)
No linked articles in our index yet.