Stored Cross-Site Scripting Vulnerability in SolarWinds Database Performance Analyzer
CVE-2026-28322

5.6MEDIUM

Key Information:

Vendor

Solarwinds

Vendor
CVE Published:
30 June 2026

What is CVE-2026-28322?

The SolarWinds Database Performance Analyzer has been identified as containing a stored cross-site scripting vulnerability. This flaw allows attackers to inject malicious scripts that can be executed in the browser of users accessing the affected application. If successfully exploited, this vulnerability could result in unauthorized actions being performed within the application, potentially compromising user data and application integrity. It is crucial for users to apply the latest security updates and follow best practices for secure configuration to mitigate this risk.

Affected Version(s)

Database Performance Analyzer 2026.1 and below

References

CVSS V3.1

Score:
5.6
Severity:
MEDIUM
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Adjacent Network
Attack Complexity:
High
Privileges Required:
High
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.