Severity by source
AV:A/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:A/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N
Lifecycle Timeline
3DescriptionCVE.org
SolarWinds Observability Self-Hosted was found to be affected by a stored cross-site scripting vulnerability, which when exploited, can lead to unintended script execution.
AnalysisAI
SolarWinds Observability Self-Hosted versions 2026.1.1 and earlier contain a stored cross-site scripting (XSS) vulnerability that permits authenticated high-privilege users to inject malicious scripts into the application, resulting in unintended script execution when other users access affected pages. The vulnerability requires high privilege level and user interaction to exploit, limiting real-world attack surface; no public exploit code or active exploitation has been identified at the time of analysis.
Technical ContextAI
The vulnerability is classified as CWE-79 (Improper Neutralization of Input During Web Page Generation), a stored XSS flaw in which user-supplied input is not properly sanitized before being persisted in the application database and subsequently rendered in web pages. SolarWinds Observability Self-Hosted (CPE: cpe:2.3:a:solarwinds:solarwinds_observability_self-hosted:*:*:*:*:*:*:*:*) is a self-hosted observability platform that processes and displays monitoring data. The vulnerability exists in the web application tier where administrative or high-privilege users can inject script payloads through input fields that are inadequately filtered, leading to execution in the browser context of other users when they view stored content.
RemediationAI
Upgrade SolarWinds Observability Self-Hosted to a version released after 2026.1.1; consult the SolarWinds security advisory at https://www.solarwinds.com/trust-center/security-advisories/CVE-2026-28298 for the specific patched version number and availability. Until patching is feasible, restrict administrative access to the application to trusted internal users only, enforce network segmentation to limit access from the local network to authorized personnel, and conduct user awareness training to recognize and report suspicious content modifications in dashboards. Additionally, implement Content Security Policy (CSP) headers where possible to mitigate XSS payload execution even if stored payloads are present.
Same weakness CWE-79 – Cross-site Scripting (XSS)
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-16185
GHSA-c2f7-jh9g-224w