Stored Cross-Site Scripting Vulnerability in SolarWinds Observability Self-Hosted
CVE-2026-28297

6.1MEDIUM

Key Information:

Vendor: Solarwinds
Status: Solarwinds Observability Self-hosted
Vendor: CVE Published:; 26 March 2026

What is CVE-2026-28297?

SolarWinds Observability Self-Hosted is susceptible to a stored cross-site scripting vulnerability. This issue can allow attackers to execute unintended scripts on users’ browsers, potentially leading to information theft or session hijacking. The vulnerability arises from insufficient validation of user-supplied input, making it critical for users to apply mitigations promptly to safeguard their environments.

Affected Version(s)

SolarWinds Observability Self-Hosted Windows 2026.1.1 and previous versions

References

https://www.solarwinds.com/trust-center/security-advisori...

https://documentation.solarwinds.com/en/success_center/or...

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 26, 2026
Vulnerability Reserved
Feb 26, 2026

Credit

Steven Karschnia - Armadin

CVE-2026-28297 Data

JSON

Solarwinds

What is CVE-2026-28297?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit