{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-28298", "assignerOrgId": "49f11609-934d-4621-84e6-e02e032104d6", "state": "PUBLISHED", "assignerShortName": "SolarWinds", "dateReserved": "2026-02-26T14:15:09.403Z", "datePublished": "2026-03-26T14:08:49.449Z", "dateUpdated": "2026-03-27T03:55:35.745Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "affected", "packageName": "2026.1.1", "product": "SolarWinds Observability Self-Hosted", "vendor": "SolarWinds", "versions": [{"status": "affected", "version": "2026.1.1 and previous versions"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "James Donlon-Armadin"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "SolarWinds Observability Self-Hosted was found to be affected by a stored cross-site scripting vulnerability, which when exploited, can lead to unintended script execution.<br>"}], "value": "SolarWinds Observability Self-Hosted was found to be affected by a stored cross-site scripting vulnerability, which when exploited, can lead to unintended script execution."}], "impacts": [{"capecId": "CAPEC-63", "descriptions": [{"lang": "en", "value": "CAPEC-63 Cross-Site Scripting (XSS)"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "49f11609-934d-4621-84e6-e02e032104d6", "shortName": "SolarWinds", "dateUpdated": "2026-03-26T14:08:49.449Z"}, "references": [{"url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2026-28298"}, {"url": "https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/hco_2026-1-1_release_notes.htm"}], "source": {"discovery": "EXTERNAL"}, "title": "SolarWinds Observability Self-Hosted Stored Cross-Site Scripting Vulnerability", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-26T00:00:00+00:00", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3", "id": "CVE-2026-28298"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-27T03:55:35.745Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-28298", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-03-26T15:16:02.364424Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-26T15:16:27.129Z"}}], "cna": {"title": "SolarWinds Observability Self-Hosted Stored Cross-Site Scripting Vulnerability", "source": {"discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "James Donlon-Armadin"}], "impacts": [{"capecId": "CAPEC-63", "descriptions": [{"lang": "en", "value": "CAPEC-63 Cross-Site Scripting (XSS)"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.9, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "SolarWinds", "product": "SolarWinds Observability Self-Hosted", "versions": [{"status": "affected", "version": "2026.1.1 and previous versions"}], "packageName": "2026.1.1", "defaultStatus": "affected"}], "references": [{"url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2026-28298"}, {"url": "https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/hco_2026-1-1_release_notes.htm"}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "SolarWinds Observability Self-Hosted was found to be affected by a stored cross-site scripting vulnerability, which when exploited, can lead to unintended script execution.", "supportingMedia": [{"type": "text/html", "value": "SolarWinds Observability Self-Hosted was found to be affected by a stored cross-site scripting vulnerability, which when exploited, can lead to unintended script execution.<br>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"}]}], "providerMetadata": {"orgId": "49f11609-934d-4621-84e6-e02e032104d6", "shortName": "SolarWinds", "dateUpdated": "2026-03-26T14:08:49.449Z"}}}, "cveMetadata": {"cveId": "CVE-2026-28298", "state": "PUBLISHED", "dateUpdated": "2026-03-27T03:55:35.745Z", "dateReserved": "2026-02-26T14:15:09.403Z", "assignerOrgId": "49f11609-934d-4621-84e6-e02e032104d6", "datePublished": "2026-03-26T14:08:49.449Z", "assignerShortName": "SolarWinds"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:solarwinds:observability_self-hosted:*:*:*:*:*:*:*:*", "matchCriteriaId": "84D4A29F-B25B-42BD-A817-D40717B25EF6", "versionEndExcluding": "2026.1.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "SolarWinds Observability Self-Hosted was found to be affected by a stored cross-site scripting vulnerability, which when exploited, can lead to unintended script execution."}, {"lang": "es", "value": "SolarWinds Observability Self-Hosted se encontr\u00f3 que estaba afectado por una vulnerabilidad de cross-site scripting almacenado, que, al ser explotada, puede llevar a la ejecuci\u00f3n de scripts no deseados."}], "id": "CVE-2026-28298", "lastModified": "2026-03-31T14:14:55.273", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 0.7, "impactScore": 5.2, "source": "psirt@solarwinds.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 1.7, "impactScore": 5.8, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2026-03-26T15:16:34.710", "references": [{"source": "psirt@solarwinds.com", "tags": ["Release Notes"], "url": "https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/hco_2026-1-1_release_notes.htm"}, {"source": "psirt@solarwinds.com", "tags": ["Vendor Advisory"], "url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2026-28298"}], "sourceIdentifier": "psirt@solarwinds.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "psirt@solarwinds.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,2026.1.1]"}}], "enrichment": {"confidence": 87.0, "confidence_source": "matching", "scores": [{"score": 87.0, "source": "matching"}]}, "original": {"product": "SolarWinds Observability Self-Hosted", "source": "cna", "vendor": "SolarWinds"}, "product": "observability_self-hosted", "vendor": "solarwinds"}], "analysis": {"en": {"generated_at": "2026-03-31T15:39:11.740522+00:00", "value": {"mitigation_remediation": ["Apply the latest SolarWinds Observability Self\u2011Hosted patch or upgrade to a version that contains the fix."], "summary": {"action": "Patch", "impact": "Stored Cross\u2011Site Scripting allowing unintended script execution"}, "threat_synthesis": {"affected_systems": "SolarWinds Observability Self\u2011Hosted is affected. No specific patch or version numbers are provided in the data, but the vulnerability was disclosed in relation to the 2026\u20111\u20111 release. Users should verify that they are running a version newer than the one identified as vulnerable.", "description_and_impact": "A stored cross\u2011site scripting vulnerability exists within SolarWinds Observability Self\u2011Hosted. The flaw enables the insertion of malicious JavaScript that is saved and subsequently delivered to other users who view the affected content. This can result in unintended script execution, exposing users to potential phishing, credential theft, or other client\u2011side attacks. The weakness originates from an input validation flaw that fails to properly sanitize user input before storage and rendering.", "risk_and_exploitability": "The CVSS score of 5.9 indicates a moderate risk, while the EPSS score of less than 1\u202f% suggests a low chance of active exploitation observed in the wild. The vulnerability is not listed in the CISA Known Exploited Vulnerabilities catalog, further indicating limited exploitation. The attack vector is inferred to be through the platform\u2019s data entry or configuration interfaces, requiring an attacker to inject malicious payloads that are then stored and rendered to other authenticated users. No additional prerequisites or conditions are detailed, but successful exploitation likely depends on the target\u2019s user permissions."}}}}, "created": "2026-03-27T08:34:09.500154+00:00", "updated": "2026-03-31T20:09:03.878342+00:00", "vendors": ["solarwinds", "solarwinds$PRODUCT$observability_self-hosted"]}