wid-sec-w-2026-0869 · Published 2026-03-25 · View on BSI CERT-Bund ↗

SolarWinds Platform: Multiple Vulnerabilities allow Cross-Site Scripting

CVSS 6.1 MEDIUM

Risk Summary

SolarWinds Observability Self-Hosted was found to be affected by a stored cross-site scripting vulnerability, which when exploited, can lead to unintended script execution.

CVEs (2)

CVE-2026-28297 CVE-2026-28298

Affected Vendors

SolarWinds

Affected Products (2)

SolarWinds · Platform <2026.1.1

SolarWinds · Platform 2026.1.1

Get alerted to advisories like this

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.

Start free trial Learn more