Stored Cross-Site Scripting Vulnerability in SolarWinds Observability Self-Hosted
CVE-2026-28298

5.9MEDIUM

Key Information:

Vendor: Solarwinds
Status: Solarwinds Observability Self-hosted
Vendor: CVE Published:; 26 March 2026

What is CVE-2026-28298?

SolarWinds Observability Self-Hosted is vulnerable to a stored cross-site scripting issue that allows attackers to execute unwanted scripts in users' browsers. If exploited, the vulnerability can compromise user data, leading to unauthorized access to sensitive information and potential malicious actions. Proper security measures and updates are essential to mitigate the risks associated with this vulnerability.

Affected Version(s)

SolarWinds Observability Self-Hosted 2026.1.1 and previous versions

References

https://www.solarwinds.com/trust-center/security-advisori...

https://documentation.solarwinds.com/en/success_center/or...

CVSS V3.1

Score:

5.9

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 26, 2026
Vulnerability Reserved
Feb 26, 2026

Credit

James Donlon-Armadin

CVE-2026-28298 Data

JSON

Solarwinds

What is CVE-2026-28298?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit