Observability Self-Hosted
by SolarWinds
CVEs (8)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-28298 | | | 0.00 | — | 0.00 | | Mar 26, 2026 | SolarWinds Observability Self-Hosted was found to be affected by a stored cross-site scripting vulnerability, which when exploited, can lead to unintended script execution. |
| CVE-2026-28297 | | | 0.00 | — | 0.00 | | Mar 26, 2026 | SolarWinds Observability Self-Hosted was found to be affected by a stored cross-site scripting vulnerability, which when exploited, can lead to unintended script execution. |
| CVE-2025-40545 | | | 0.00 | — | 0.00 | | Nov 18, 2025 | SolarWinds Observability Self-Hosted is susceptible to an open redirection vulnerability. The URL is not properly sanitized, and an attacker could manipulate the string to redirect a user to a malicious site. The attack complexity is high, and authentication is required. |
| CVE-2025-26391 | | | 0.00 | — | 0.00 | | Nov 18, 2025 | SolarWinds Observability Self-Hosted XSS Vulnerability. The SolarWinds Platform was susceptible to a XSS vulnerability that affects user-created URL fields. This vulnerability requires authentication from a low-level account. |
| CVE-2025-26392 | | | 0.00 | — | 0.00 | | Oct 21, 2025 | SolarWinds Observability Self-Hosted is susceptible to SQL injection vulnerability that may display sensitive data using a low-level account. This vulnerability requires authentication from a low-privilege account. |
| CVE-2025-26397 | | | 0.00 | — | 0.00 | | Jul 24, 2025 | SolarWinds Observability Self-Hosted is susceptible to Deserialization of Untrusted Data Local Privilege Escalation vulnerability. An attacker with low privileges can escalate privileges to run malicious files copied to a permission-protected folder. This vulnerability requires authentication from a low-level account and local access to the host server. |
| CVE-2025-26395 | | | 0.00 | — | 0.00 | | Jun 10, 2025 | SolarWinds Observability Self-Hosted was susceptible to a cross-site scripting (XSS) vulnerability due to an unsanitized field in the URL. The attack requires authentication using an administrator-level account and user interaction is required. |
| CVE-2025-26394 | | | 0.00 | — | 0.00 | | Jun 10, 2025 | SolarWinds Observability Self-Hosted is susceptible to an open redirection vulnerability. The URL is not properly sanitized, and an attacker could manipulate the string to redirect a user to a malicious site. The attack complexity is high, and authentication is required. |