本ページは solarwinds observability_self-hosted に影響する公開済み CVE(NVD の CPE 経由で関連付け)を列挙します。各行に深刻度指標・概要・公開日が含まれます。
| CVE | 概要 | ソース | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|---|
| CVE-2026-28298 | SolarWinds Observability Self-Hosted was found to be affected by a stored cross-site scripting vulnerability, which when exploited, can lead to unintended script execution. | [email protected] | 5.9 | 0.34% | 2026-03-26 | 2026-06-17 |
| CVE-2026-28297 | SolarWinds Observability Self-Hosted was found to be affected by a stored cross-site scripting vulnerability, which when exploited, can lead to unintended script execution. | [email protected] | 6.1 | 0.37% | 2026-03-26 | 2026-06-17 |
| CVE-2025-40545 | SolarWinds Observability Self-Hosted is susceptible to an open redirection vulnerability. The URL is not properly sanitized, and an attacker could manipulate the string to redirect a user to a malicious site. The attack complexity is high, and authentication is required. | [email protected] | 4.8 | 0.21% | 2025-11-18 | 2026-06-17 |
| CVE-2025-26391 | SolarWinds Observability Self-Hosted XSS Vulnerability. The SolarWinds Platform was susceptible to a XSS vulnerability that affects user-created URL fields. This vulnerability requires authentication from a low-level account. | [email protected] | 5.4 | 0.40% | 2025-11-18 | 2026-06-17 |
| CVE-2025-26392 | SolarWinds Observability Self-Hosted is susceptible to SQL injection vulnerability that may display sensitive data using a low-level account. This vulnerability requires authentication from a low-privilege account. | [email protected] | 5.4 | 0.21% | 2025-10-21 | 2026-06-17 |
| CVE-2025-26397 | SolarWinds Observability Self-Hosted is susceptible to Deserialization of Untrusted Data Local Privilege Escalation vulnerability. An attacker with low privileges can escalate privileges to run malicious files copied to a permission-protected folder. This vulnerability requires authentication from a low-level account and local access to the host server. | [email protected] | 7.8 | 0.26% | 2025-07-24 | 2026-06-17 |
| CVE-2025-26395 | SolarWinds Observability Self-Hosted was susceptible to a cross-site scripting (XSS) vulnerability due to an unsanitized field in the URL. The attack requires authentication using an administrator-level account and user interaction is required. | [email protected] | 7.1 | 0.19% | 2025-06-10 | 2026-06-17 |
| CVE-2025-26394 | SolarWinds Observability Self-Hosted is susceptible to an open redirection vulnerability. The URL is not properly sanitized, and an attacker could manipulate the string to redirect a user to a malicious site. The attack complexity is high, and authentication is required. | [email protected] | 4.8 | 0.17% | 2025-06-10 | 2026-06-17 |