Description
SolarWinds Database Performance Analyzer was found to be affected by a stored cross-site scripting vulnerability, which when exploited, can lead to unintended script execution.
Published: 2026-06-30
Score: 5.6 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

SolarWinds Database Performance Analyzer contains a stored cross‑site scripting flaw that, when exploited, allows an attacker to execute arbitrary JavaScript in the victim’s browser. This unintended script execution could lead to session hijacking, credential theft, or other client‑side attacks. The weakness is a failure of input validation as defined by CWE‑20.

Affected Systems

The vulnerability affects all installations of SolarWinds Database Performance Analyzer prior to version 2026.2. The vendor recommends upgrading to that release or later.

Risk and Exploitability

The CVSS score of 5.6 indicates medium severity. No EPSS data are available and the vulnerability is not listed in CISA’s KEV catalog. The likely attack vector is the DPA web interface that stores user‑supplied input, meaning the attacker must gain access to an account capable of submitting data that contains malicious script. Although the flaw does not provide local or remote code execution, it remains a client‑side threat that can impact user confidentiality and integrity.

Generated by OpenCVE AI on June 30, 2026 at 23:20 UTC.

Remediation

Vendor Solution

SolarWinds recommends customers upgrade to SolarWinds Database Performance Analyzer version 2026.2 as soon as is practical.


OpenCVE Recommended Actions

  • Upgrade to SolarWinds Database Performance Analyzer version 2026.2 as soon as possible.
  • Ensure that all input fields that can store user content are subjected to proper sanitization or whitelist validation to prevent script injection.
  • Apply the secure configuration guidelines from SolarWinds’ secure configuration guide to reinforce input handling and reduce XSS risk.

Advisories

No advisories yet.

History

Tue, 30 Jun 2026 22:45:00 +0000

Type | Values Removed | Values Added
Description | | SolarWinds Database Performance Analyzer was found to be affected by a stored cross-site scripting vulnerability, which when exploited, can lead to unintended script execution.
Title | | SolarWinds Database Performance Analyzer Stored Cross-Site Scripting Vulnerability
Weaknesses | | CWE-20
References | |
Metrics | | cvssV3_1 {'score': 5.6, 'vector': 'CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:N'}


MITRE

Status: PUBLISHED

Assigner: SolarWinds

Published:

Updated: 2026-06-30T22:15:40.728Z

Reserved: 2026-02-26T14:46:41.520Z

Link: CVE-2026-28322

Vulnrichment

No data.

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-30T23:30:04Z

Weaknesses
  • CWE-20

    Improper Input Validation