Description
SolarWinds Observability Self-Hosted was found to be affected by a stored cross-site scripting vulnerability, which when exploited, can lead to unintended script execution.
Published: 2026-03-26
Score: 6.1 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Client‑side script execution (XSS)
Action: Immediate Patch
AI Analysis

Impact

SolarWinds Observability Self‑Hosted contains a stored cross‑site scripting flaw that allows attackers to embed malicious scripts in data displayed to users. When such payloads are injected, they execute in the browsers of any user who views the affected content, enabling session hijacking, data theft, or delivery of additional malware.

Affected Systems

The vulnerability applies to all variants of SolarWinds Observability Self‑Hosted until an update is applied.

Risk and Exploitability

The flaw is considered of moderate severity. Exploration analyses suggest a low probability of active exploitation. The vulnerability is not catalogued as a known exploited vulnerability. Attackers must have the privilege to inject data into the system; the injected script runs when affected data is rendered in a victim’s browser.

Generated by OpenCVE AI on March 31, 2026 at 16:07 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the SolarWinds Observability Self‑Hosted patch released in version 2026.1.1, as documented in the vendor’s release notes.

Generated by OpenCVE AI on March 31, 2026 at 16:07 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 31 Mar 2026 14:15:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:solarwinds:observability_self-hosted:*:*:*:*:*:*:*:*

Fri, 27 Mar 2026 08:45:00 +0000

Type Values Removed Values Added
First Time appeared Solarwinds
Solarwinds observability Self-hosted
Vendors & Products Solarwinds
Solarwinds observability Self-hosted

Thu, 26 Mar 2026 19:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Thu, 26 Mar 2026 14:30:00 +0000

Type Values Removed Values Added
Description SolarWinds Observability Self-Hosted was found to be affected by a stored cross-site scripting vulnerability, which when exploited, can lead to unintended script execution.
Title SolarWinds Observability Self-Hosted Stored Cross-Site Scripting Vulnerability
Weaknesses CWE-79
References
Metrics cvssV3_1

{'score': 6.1, 'vector': 'CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N'}

Subscriptions

Solarwinds Observability Self-hosted
cve-icon MITRE

Status: PUBLISHED

Assigner: SolarWinds

Published:

Updated: 2026-03-27T03:55:35.217Z

Reserved: 2026-02-26T14:15:09.402Z

Link: CVE-2026-28297

cve-icon Vulnrichment

Updated: 2026-03-26T18:51:09.252Z

cve-icon NVD

Status : Analyzed

Published: 2026-03-26T15:16:34.520

Modified: 2026-03-31T14:14:02.453

Link: CVE-2026-28297

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-31T20:09:04Z

Weaknesses