CVE Catalog

CVE-2026-28322

MediumCVSS 5.6
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.22%

13th percentile — higher than 13% of all known CVEs

Summary

A stored cross-site scripting (XSS) vulnerability was found in SolarWinds Database Performance Analyzer. Exploitation can lead to unintended script execution in the user's browser context.

Risk Assessment

An attacker can inject a malicious script that executes when an administrator views data, potentially leading to session hijacking, data modification, or further compromise of the infrastructure.

Recommendation

Immediately update SolarWinds Database Performance Analyzer to the latest patched version. Until the update is applied, restrict access to the tool's interface and enforce the principle of least privilege.

Original NVD description (English source)

SolarWinds Database Performance Analyzer was found to be affected by a stored cross-site scripting vulnerability, which when exploited, can lead to unintended script execution.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS