Observability Self Hosted

4 CVEs product

Monthly

Sort: Newest CVSS Score EPSS Score Oldest
CVE-2025-40545 MEDIUM Monitor

SolarWinds Observability Self-Hosted is susceptible to an open redirection vulnerability. Rated medium severity (CVSS 4.8). No vendor patch available.

Open Redirect Observability Self Hosted
NVD
CVSS 3.1
4.8
EPSS
0.0%
CVE-2025-26391 MEDIUM This Month

SolarWinds Observability Self-Hosted XSS Vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is low attack complexity. No vendor patch available.

XSS Observability Self Hosted
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2025-26395 HIGH PATCH This Week

Stored/reflected cross-site scripting (XSS) vulnerability in SolarWinds Observability Self-Hosted caused by insufficient input sanitization in URL parameters. The vulnerability affects authenticated administrators and requires user interaction to exploit, allowing attackers with admin credentials to inject malicious scripts that execute in victim browsers with network-scoped impact (C:H, I:L, A:L). There is no indication of active exploitation in the wild (KEV status unknown) or public proof-of-concept availability based on available data.

XSS Authentication Bypass Observability Self Hosted
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-26394 MEDIUM PATCH This Month

SolarWinds Observability Self-Hosted is susceptible to an open redirection vulnerability. The URL is not properly sanitized, and an attacker could manipulate the string to redirect a user to a malicious site. The attack complexity is high, and authentication is required.

Open Redirect Observability Self Hosted
NVD
CVSS 3.1
4.8
EPSS
0.0%
CVE-2025-40545
EPSS 0% CVSS 4.8
MEDIUM Monitor

SolarWinds Observability Self-Hosted is susceptible to an open redirection vulnerability. Rated medium severity (CVSS 4.8). No vendor patch available.

Open Redirect Observability Self Hosted
NVD
CVE-2025-26391
EPSS 0% CVSS 5.4
MEDIUM This Month

SolarWinds Observability Self-Hosted XSS Vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is low attack complexity. No vendor patch available.

XSS Observability Self Hosted
NVD
CVE-2025-26395
EPSS 0% CVSS 7.1
HIGH PATCH This Week

Stored/reflected cross-site scripting (XSS) vulnerability in SolarWinds Observability Self-Hosted caused by insufficient input sanitization in URL parameters. The vulnerability affects authenticated administrators and requires user interaction to exploit, allowing attackers with admin credentials to inject malicious scripts that execute in victim browsers with network-scoped impact (C:H, I:L, A:L). There is no indication of active exploitation in the wild (KEV status unknown) or public proof-of-concept availability based on available data.

XSS Authentication Bypass Observability Self Hosted
NVD
CVE-2025-26394
EPSS 0% CVSS 4.8
MEDIUM PATCH This Month

SolarWinds Observability Self-Hosted is susceptible to an open redirection vulnerability. The URL is not properly sanitized, and an attacker could manipulate the string to redirect a user to a malicious site. The attack complexity is high, and authentication is required.

Open Redirect Observability Self Hosted
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy