This page lists publicly disclosed CVE vulnerabilities affecting solarwinds observability_self-hosted (linked via NVD CPE). Each row includes severity scores, summaries, and publication dates to help identify and analyze security issues.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2026-28298 | SolarWinds Observability Self-Hosted was found to be affected by a stored cross-site scripting vulnerability, which when exploited, can lead to unintended script execution. | [email protected] | 5.9 | 0.34% | 2026-03-26 | 2026-06-17 |
| CVE-2026-28297 | SolarWinds Observability Self-Hosted was found to be affected by a stored cross-site scripting vulnerability, which when exploited, can lead to unintended script execution. | [email protected] | 6.1 | 0.37% | 2026-03-26 | 2026-06-17 |
| CVE-2025-40545 | SolarWinds Observability Self-Hosted is susceptible to an open redirection vulnerability. The URL is not properly sanitized, and an attacker could manipulate the string to redirect a user to a malicious site. The attack complexity is high, and authentication is required. | [email protected] | 4.8 | 0.21% | 2025-11-18 | 2026-06-17 |
| CVE-2025-26391 | SolarWinds Observability Self-Hosted XSS Vulnerability. The SolarWinds Platform was susceptible to a XSS vulnerability that affects user-created URL fields. This vulnerability requires authentication from a low-level account. | [email protected] | 5.4 | 0.40% | 2025-11-18 | 2026-06-17 |
| CVE-2025-26392 | SolarWinds Observability Self-Hosted is susceptible to SQL injection vulnerability that may display sensitive data using a low-level account. This vulnerability requires authentication from a low-privilege account. | [email protected] | 5.4 | 0.21% | 2025-10-21 | 2026-06-17 |
| CVE-2025-26397 | SolarWinds Observability Self-Hosted is susceptible to Deserialization of Untrusted Data Local Privilege Escalation vulnerability. An attacker with low privileges can escalate privileges to run malicious files copied to a permission-protected folder. This vulnerability requires authentication from a low-level account and local access to the host server. | [email protected] | 7.8 | 0.26% | 2025-07-24 | 2026-06-17 |
| CVE-2025-26395 | SolarWinds Observability Self-Hosted was susceptible to a cross-site scripting (XSS) vulnerability due to an unsanitized field in the URL. The attack requires authentication using an administrator-level account and user interaction is required. | [email protected] | 7.1 | 0.19% | 2025-06-10 | 2026-06-17 |
| CVE-2025-26394 | SolarWinds Observability Self-Hosted is susceptible to an open redirection vulnerability. The URL is not properly sanitized, and an attacker could manipulate the string to redirect a user to a malicious site. The attack complexity is high, and authentication is required. | [email protected] | 4.8 | 0.17% | 2025-06-10 | 2026-06-17 |