{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-28297", "assignerOrgId": "49f11609-934d-4621-84e6-e02e032104d6", "state": "PUBLISHED", "assignerShortName": "SolarWinds", "dateReserved": "2026-02-26T14:15:09.402Z", "datePublished": "2026-03-26T14:01:37.526Z", "dateUpdated": "2026-03-27T03:55:35.217Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "affected", "packageName": "2026.1.1", "platforms": ["Windows"], "product": "SolarWinds Observability Self-Hosted", "vendor": "SolarWinds", "versions": [{"status": "affected", "version": "2026.1.1 and previous versions"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Steven Karschnia - Armadin"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "SolarWinds Observability Self-Hosted was found to be affected by a stored cross-site scripting vulnerability, which when exploited, can lead to unintended script execution."}], "value": "SolarWinds Observability Self-Hosted was found to be affected by a stored cross-site scripting vulnerability, which when exploited, can lead to unintended script execution."}], "impacts": [{"capecId": "CAPEC-63", "descriptions": [{"lang": "en", "value": "CAPEC-63 Cross-Site Scripting (XSS)"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "49f11609-934d-4621-84e6-e02e032104d6", "shortName": "SolarWinds", "dateUpdated": "2026-03-26T14:09:48.593Z"}, "references": [{"url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2026-28297"}, {"url": "https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/hco_2026-1-1_release_notes.htm"}], "source": {"discovery": "UNKNOWN"}, "title": "SolarWinds Observability Self-Hosted Stored Cross-Site Scripting Vulnerability", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-26T00:00:00+00:00", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3", "id": "CVE-2026-28297"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-27T03:55:35.217Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-28297", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-03-26T18:51:03.269069Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-26T18:51:09.252Z"}}], "cna": {"title": "SolarWinds Observability Self-Hosted Stored Cross-Site Scripting Vulnerability", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Steven Karschnia - Armadin"}], "impacts": [{"capecId": "CAPEC-63", "descriptions": [{"lang": "en", "value": "CAPEC-63 Cross-Site Scripting (XSS)"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "SolarWinds", "product": "SolarWinds Observability Self-Hosted", "versions": [{"status": "affected", "version": "2026.1.1 and previous versions"}], "platforms": ["Windows"], "packageName": "2026.1.1", "defaultStatus": "affected"}], "references": [{"url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2026-28297"}, {"url": "https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/hco_2026-1-1_release_notes.htm"}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "SolarWinds Observability Self-Hosted was found to be affected by a stored cross-site scripting vulnerability, which when exploited, can lead to unintended script execution.", "supportingMedia": [{"type": "text/html", "value": "SolarWinds Observability Self-Hosted was found to be affected by a stored cross-site scripting vulnerability, which when exploited, can lead to unintended script execution.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"}]}], "providerMetadata": {"orgId": "49f11609-934d-4621-84e6-e02e032104d6", "shortName": "SolarWinds", "dateUpdated": "2026-03-26T14:09:48.593Z"}}}, "cveMetadata": {"cveId": "CVE-2026-28297", "state": "PUBLISHED", "dateUpdated": "2026-03-27T03:55:35.217Z", "dateReserved": "2026-02-26T14:15:09.402Z", "assignerOrgId": "49f11609-934d-4621-84e6-e02e032104d6", "datePublished": "2026-03-26T14:01:37.526Z", "assignerShortName": "SolarWinds"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:solarwinds:observability_self-hosted:*:*:*:*:*:*:*:*", "matchCriteriaId": "84D4A29F-B25B-42BD-A817-D40717B25EF6", "versionEndExcluding": "2026.1.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "SolarWinds Observability Self-Hosted was found to be affected by a stored cross-site scripting vulnerability, which when exploited, can lead to unintended script execution."}, {"lang": "es", "value": "SolarWinds Observability Self-Hosted se encontr\u00f3 que estaba afectado por una vulnerabilidad de cross-site scripting almacenado, la cual, al ser explotada, puede llevar a la ejecuci\u00f3n de scripts no deseados."}], "id": "CVE-2026-28297", "lastModified": "2026-03-31T14:14:02.453", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 0.9, "impactScore": 5.2, "source": "psirt@solarwinds.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 8.7, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 2.3, "impactScore": 5.8, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2026-03-26T15:16:34.520", "references": [{"source": "psirt@solarwinds.com", "tags": ["Release Notes"], "url": "https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/hco_2026-1-1_release_notes.htm"}, {"source": "psirt@solarwinds.com", "tags": ["Vendor Advisory"], "url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2026-28297"}], "sourceIdentifier": "psirt@solarwinds.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "psirt@solarwinds.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": ["windows"], "status": "affected", "versions": {"scheme": "semver", "value": "[0,2026.1.1]"}}], "enrichment": {"confidence": 87.0, "confidence_source": "matching", "scores": [{"score": 87.0, "source": "matching"}]}, "original": {"product": "SolarWinds Observability Self-Hosted", "source": "cna", "vendor": "SolarWinds"}, "product": "observability_self-hosted", "vendor": "solarwinds"}], "analysis": {"en": {"generated_at": "2026-03-31T16:07:32.830029+00:00", "value": {"mitigation_remediation": ["Apply the SolarWinds Observability Self\u2011Hosted patch released in version 2026.1.1, as documented in the vendor\u2019s release notes."], "summary": {"action": "Immediate Patch", "impact": "Client\u2011side script execution (XSS)"}, "threat_synthesis": {"affected_systems": "The vulnerability applies to all variants of SolarWinds Observability Self\u2011Hosted until an update is applied.", "description_and_impact": "SolarWinds Observability Self\u2011Hosted contains a stored cross\u2011site scripting flaw that allows attackers to embed malicious scripts in data displayed to users. When such payloads are injected, they execute in the browsers of any user who views the affected content, enabling session hijacking, data theft, or delivery of additional malware.", "risk_and_exploitability": "The flaw is considered of moderate severity. Exploration analyses suggest a low probability of active exploitation. The vulnerability is not catalogued as a known exploited vulnerability. Attackers must have the privilege to inject data into the system; the injected script runs when affected data is rendered in a victim\u2019s browser."}}}}, "created": "2026-03-27T08:34:12.150071+00:00", "updated": "2026-03-31T20:09:04.863335+00:00", "vendors": ["solarwinds", "solarwinds$PRODUCT$observability_self-hosted"]}