{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-28298", "assignerOrgId": "49f11609-934d-4621-84e6-e02e032104d6", "state": "PUBLISHED", "assignerShortName": "SolarWinds", "dateReserved": "2026-02-26T14:15:09.403Z", "datePublished": "2026-03-26T14:08:49.449Z", "dateUpdated": "2026-03-27T03:55:35.745Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "affected", "packageName": "2026.1.1", "product": "SolarWinds Observability Self-Hosted", "vendor": "SolarWinds", "versions": [{"status": "affected", "version": "2026.1.1 and previous versions"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "James Donlon-Armadin"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "SolarWinds Observability Self-Hosted was found to be affected by a stored cross-site scripting vulnerability, which when exploited, can lead to unintended script execution.<br>"}], "value": "SolarWinds Observability Self-Hosted was found to be affected by a stored cross-site scripting vulnerability, which when exploited, can lead to unintended script execution."}], "impacts": [{"capecId": "CAPEC-63", "descriptions": [{"lang": "en", "value": "CAPEC-63 Cross-Site Scripting (XSS)"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "49f11609-934d-4621-84e6-e02e032104d6", "shortName": "SolarWinds", "dateUpdated": "2026-03-26T14:08:49.449Z"}, "references": [{"url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2026-28298"}, {"url": "https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/hco_2026-1-1_release_notes.htm"}], "source": {"discovery": "EXTERNAL"}, "title": "SolarWinds Observability Self-Hosted Stored Cross-Site Scripting Vulnerability", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-26T00:00:00+00:00", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3", "id": "CVE-2026-28298"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-27T03:55:35.745Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-28298", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-03-26T15:16:02.364424Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-26T15:16:27.129Z"}}], "cna": {"title": "SolarWinds Observability Self-Hosted Stored Cross-Site Scripting Vulnerability", "source": {"discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "James Donlon-Armadin"}], "impacts": [{"capecId": "CAPEC-63", "descriptions": [{"lang": "en", "value": "CAPEC-63 Cross-Site Scripting (XSS)"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.9, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "SolarWinds", "product": "SolarWinds Observability Self-Hosted", "versions": [{"status": "affected", "version": "2026.1.1 and previous versions"}], "packageName": "2026.1.1", "defaultStatus": "affected"}], "references": [{"url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2026-28298"}, {"url": "https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/hco_2026-1-1_release_notes.htm"}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "SolarWinds Observability Self-Hosted was found to be affected by a stored cross-site scripting vulnerability, which when exploited, can lead to unintended script execution.", "supportingMedia": [{"type": "text/html", "value": "SolarWinds Observability Self-Hosted was found to be affected by a stored cross-site scripting vulnerability, which when exploited, can lead to unintended script execution.<br>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"}]}], "providerMetadata": {"orgId": "49f11609-934d-4621-84e6-e02e032104d6", "shortName": "SolarWinds", "dateUpdated": "2026-03-26T14:08:49.449Z"}}}, "cveMetadata": {"cveId": "CVE-2026-28298", "state": "PUBLISHED", "dateUpdated": "2026-03-27T03:55:35.745Z", "dateReserved": "2026-02-26T14:15:09.403Z", "assignerOrgId": "49f11609-934d-4621-84e6-e02e032104d6", "datePublished": "2026-03-26T14:08:49.449Z", "assignerShortName": "SolarWinds"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "SolarWinds Observability Self-Hosted was found to be affected by a stored cross-site scripting vulnerability, which when exploited, can lead to unintended script execution."}, {"lang": "es", "value": "SolarWinds Observability Self-Hosted se encontr\u00f3 que estaba afectado por una vulnerabilidad de cross-site scripting almacenado, que, al ser explotada, puede llevar a la ejecuci\u00f3n de scripts no deseados."}], "id": "CVE-2026-28298", "lastModified": "2026-03-30T13:26:50.827", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 0.7, "impactScore": 5.2, "source": "[email protected]", "type": "Primary"}]}, "published": "2026-03-26T15:16:34.710", "references": [{"source": "[email protected]", "url": "https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/hco_2026-1-1_release_notes.htm"}, {"source": "[email protected]", "url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2026-28298"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "[email protected]", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,2026.1.1]"}}], "enrichment": {"confidence": 87.0, "confidence_source": "matching", "scores": [{"score": 87.0, "source": "matching"}]}, "original": {"product": "SolarWinds Observability Self-Hosted", "source": "cna", "vendor": "SolarWinds"}, "product": "observability_self-hosted", "vendor": "solarwinds"}], "analysis": {"en": {"generated_at": "2026-03-26T15:27:34.894264+00:00", "value": {"mitigation_remediation": ["Update SolarWinds Observability Self\u2011Hosted to the latest release that contains the XSS fix", "If an immediate update is not possible, limit the scope of input fields that are stored and displayed, ensuring they are properly escaped or sanitized", "Implement a Content Security Policy to restrict uncontrolled script execution", "Verify that only authenticated and authorized users can access input surfaces that could be used for injection"], "summary": {"action": "Apply Patch", "impact": "Stored Cross\u2011Site Scripting leading to script execution"}, "threat_synthesis": {"affected_systems": "The affected product is SolarWinds Observability Self\u2011Hosted. No specific version numbers are identified in the available data, so administrators should verify whether their deployment includes the vulnerable component and consult the vendor for the latest update.", "description_and_impact": "SolarWinds Observability Self\u2011Hosted contains a stored cross\u2011site scripting flaw that allows an attacker to inject malicious scripts into a page that is subsequently rendered to other users. The vulnerability is categorized as CWE\u201179 and can lead to unintended script execution, which may enable attackers to hijack user sessions, deface content, or perform actions on behalf of authenticated users. The impact is confined to a compromised browser context but can be leveraged for broader credential theft or phishing attacks.", "risk_and_exploitability": "The CVSS base score for this issue is 5.9, indicating medium severity. Exploitability data from EPSS is not provided, and the vulnerability is not listed in the CISA KEV catalog, suggesting it has not yet been widely exploited. The attack vector is inferred to be an authenticated user or attacker who can supply the malicious payload to a location that is stored and later rendered to other users, such as a comment or description field. Without an existing patch, the risk remains medium to high for any environment that allows unauthenticated or low\u2011privilege users to input content that is displayed to higher\u2011privileged users."}}}}, "created": "2026-03-27T08:34:09.500154+00:00", "updated": "2026-03-27T09:26:36.604514+00:00", "vendors": ["solarwinds", "solarwinds$PRODUCT$observability_self-hosted"]}