Severity by source
AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
Lifecycle Timeline
3DescriptionCVE.org
SolarWinds Observability Self-Hosted was found to be affected by a stored cross-site scripting vulnerability, which when exploited, can lead to unintended script execution.
AnalysisAI
SolarWinds Observability Self-Hosted versions 2026.1.1 and earlier contain a stored cross-site scripting vulnerability that allows authenticated attackers with high privileges to inject malicious scripts into the application, resulting in unintended script execution within the security context of the affected system. The vulnerability requires administrative or high-privilege access and does not currently show evidence of active exploitation, though the ability to persist malicious payloads in stored data represents a significant insider threat. Affected organizations should prioritize patching to versions after 2026.1.1 to eliminate the XSS attack surface.
Technical ContextAI
The vulnerability is classified as CWE-79 (Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting or XSS). In stored XSS attacks, malicious input is persisted in a backend data store and executed in victims' browsers when that data is rendered without proper output encoding or sanitization. SolarWinds Observability Self-Hosted (CPE: cpe:2.3:a:solarwinds:solarwinds_observability_self-hosted:*:*:*:*:*:*:*:*) is a self-hosted observability platform; the vulnerability likely affects user input fields, configuration parameters, or data ingestion pathways where scripts can be stored and later reflected to other users or administrative interfaces. Stored XSS in monitoring/observability platforms is particularly dangerous because these systems are typically accessed by privileged users and trusted administrators.
RemediationAI
Upgrade SolarWinds Observability Self-Hosted to a version after 2026.1.1 as documented in the vendor's security advisory. Until patching can be completed, implement network segmentation to restrict access to the self-hosted observability platform from trusted administrative networks only, enforce strong authentication and session management for high-privilege accounts, and monitor audit logs for unauthorized modifications to stored data or suspicious script injection attempts. Additional details on patched versions and deployment procedures are available at https://www.solarwinds.com/trust-center/security-advisories/CVE-2026-28297 and the release notes at https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/hco_2026-1-1_release_notes.htm.
Same weakness CWE-79 – Cross-site Scripting (XSS)
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-16183