{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-28297", "assignerOrgId": "49f11609-934d-4621-84e6-e02e032104d6", "state": "PUBLISHED", "assignerShortName": "SolarWinds", "dateReserved": "2026-02-26T14:15:09.402Z", "datePublished": "2026-03-26T14:01:37.526Z", "dateUpdated": "2026-03-27T03:55:35.217Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "affected", "packageName": "2026.1.1", "platforms": ["Windows"], "product": "SolarWinds Observability Self-Hosted", "vendor": "SolarWinds", "versions": [{"status": "affected", "version": "2026.1.1 and previous versions"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Steven Karschnia - Armadin"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "SolarWinds Observability Self-Hosted was found to be affected by a stored cross-site scripting vulnerability, which when exploited, can lead to unintended script execution."}], "value": "SolarWinds Observability Self-Hosted was found to be affected by a stored cross-site scripting vulnerability, which when exploited, can lead to unintended script execution."}], "impacts": [{"capecId": "CAPEC-63", "descriptions": [{"lang": "en", "value": "CAPEC-63 Cross-Site Scripting (XSS)"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "49f11609-934d-4621-84e6-e02e032104d6", "shortName": "SolarWinds", "dateUpdated": "2026-03-26T14:09:48.593Z"}, "references": [{"url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2026-28297"}, {"url": "https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/hco_2026-1-1_release_notes.htm"}], "source": {"discovery": "UNKNOWN"}, "title": "SolarWinds Observability Self-Hosted Stored Cross-Site Scripting Vulnerability", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-26T00:00:00+00:00", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3", "id": "CVE-2026-28297"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-27T03:55:35.217Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-28297", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-03-26T18:51:03.269069Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-26T18:51:09.252Z"}}], "cna": {"title": "SolarWinds Observability Self-Hosted Stored Cross-Site Scripting Vulnerability", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Steven Karschnia - Armadin"}], "impacts": [{"capecId": "CAPEC-63", "descriptions": [{"lang": "en", "value": "CAPEC-63 Cross-Site Scripting (XSS)"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "SolarWinds", "product": "SolarWinds Observability Self-Hosted", "versions": [{"status": "affected", "version": "2026.1.1 and previous versions"}], "platforms": ["Windows"], "packageName": "2026.1.1", "defaultStatus": "affected"}], "references": [{"url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2026-28297"}, {"url": "https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/hco_2026-1-1_release_notes.htm"}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "SolarWinds Observability Self-Hosted was found to be affected by a stored cross-site scripting vulnerability, which when exploited, can lead to unintended script execution.", "supportingMedia": [{"type": "text/html", "value": "SolarWinds Observability Self-Hosted was found to be affected by a stored cross-site scripting vulnerability, which when exploited, can lead to unintended script execution.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"}]}], "providerMetadata": {"orgId": "49f11609-934d-4621-84e6-e02e032104d6", "shortName": "SolarWinds", "dateUpdated": "2026-03-26T14:09:48.593Z"}}}, "cveMetadata": {"cveId": "CVE-2026-28297", "state": "PUBLISHED", "dateUpdated": "2026-03-27T03:55:35.217Z", "dateReserved": "2026-02-26T14:15:09.402Z", "assignerOrgId": "49f11609-934d-4621-84e6-e02e032104d6", "datePublished": "2026-03-26T14:01:37.526Z", "assignerShortName": "SolarWinds"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "SolarWinds Observability Self-Hosted was found to be affected by a stored cross-site scripting vulnerability, which when exploited, can lead to unintended script execution."}, {"lang": "es", "value": "SolarWinds Observability Self-Hosted se encontr\u00f3 que estaba afectado por una vulnerabilidad de cross-site scripting almacenado, la cual, al ser explotada, puede llevar a la ejecuci\u00f3n de scripts no deseados."}], "id": "CVE-2026-28297", "lastModified": "2026-03-30T13:26:50.827", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 0.9, "impactScore": 5.2, "source": "[email protected]", "type": "Primary"}]}, "published": "2026-03-26T15:16:34.520", "references": [{"source": "[email protected]", "url": "https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/hco_2026-1-1_release_notes.htm"}, {"source": "[email protected]", "url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2026-28297"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "[email protected]", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": ["windows"], "status": "affected", "versions": {"scheme": "semver", "value": "[0,2026.1.1]"}}], "enrichment": {"confidence": 87.0, "confidence_source": "matching", "scores": [{"score": 87.0, "source": "matching"}]}, "original": {"product": "SolarWinds Observability Self-Hosted", "source": "cna", "vendor": "SolarWinds"}, "product": "observability_self-hosted", "vendor": "solarwinds"}], "analysis": {"en": {"generated_at": "2026-03-26T15:28:27.741192+00:00", "value": {"mitigation_remediation": ["Apply the latest security update for SolarWinds Observability Self\u2011Hosted as soon as it becomes available.", "Verify that the application no longer stores or renders user input containing JavaScript.", "Stay informed by monitoring SolarWinds\u2019 security advisories for additional updates or guidance."], "summary": {"action": "Apply Patch", "impact": "Cross\u2011Site Scripting"}, "threat_synthesis": {"affected_systems": "The affected product is SolarWinds Observability Self\u2011Hosted. Specific version information is not provided, so all deployments of this product should be considered vulnerable until an official fix is implemented.", "description_and_impact": "SolarWinds Observability Self\u2011Hosted is vulnerable to a stored cross\u2011site scripting flaw. Attackers can inject malicious JavaScript that is then rendered when legitimate users view affected pages, enabling execution of arbitrary code in the victim browser context.", "risk_and_exploitability": "The CVSS score of 6.1 signals moderate severity. EPSS data is unavailable and the vulnerability is not yet listed in the CISA KEV catalog. The most likely attack vector is through the web interface, where an attacker submits malicious input that is stored and later displayed to users."}}}}, "created": "2026-03-27T08:34:12.150071+00:00", "updated": "2026-03-27T09:26:39.546170+00:00", "vendors": ["solarwinds", "solarwinds$PRODUCT$observability_self-hosted"]}