Solarwinds Observability Self Hosted
Monthly
SolarWinds Observability Self-Hosted versions 2026.1.1 and earlier contain a stored cross-site scripting (XSS) vulnerability that permits authenticated high-privilege users to inject malicious scripts into the application, resulting in unintended script execution when other users access affected pages. The vulnerability requires high privilege level and user interaction to exploit, limiting real-world attack surface; no public exploit code or active exploitation has been identified at the time of analysis.
SolarWinds Observability Self-Hosted versions 2026.1.1 and earlier contain a stored cross-site scripting vulnerability that allows authenticated attackers with high privileges to inject malicious scripts into the application, resulting in unintended script execution within the security context of the affected system. The vulnerability requires administrative or high-privilege access and does not currently show evidence of active exploitation, though the ability to persist malicious payloads in stored data represents a significant insider threat. Affected organizations should prioritize patching to versions after 2026.1.1 to eliminate the XSS attack surface.
SolarWinds Observability Self-Hosted versions 2026.1.1 and earlier contain a stored cross-site scripting (XSS) vulnerability that permits authenticated high-privilege users to inject malicious scripts into the application, resulting in unintended script execution when other users access affected pages. The vulnerability requires high privilege level and user interaction to exploit, limiting real-world attack surface; no public exploit code or active exploitation has been identified at the time of analysis.
SolarWinds Observability Self-Hosted versions 2026.1.1 and earlier contain a stored cross-site scripting vulnerability that allows authenticated attackers with high privileges to inject malicious scripts into the application, resulting in unintended script execution within the security context of the affected system. The vulnerability requires administrative or high-privilege access and does not currently show evidence of active exploitation, though the ability to persist malicious payloads in stored data represents a significant insider threat. Affected organizations should prioritize patching to versions after 2026.1.1 to eliminate the XSS attack surface.