
SolarWinds — Vulnerabilities & Security Advisories (166)

Browse all 166 CVE security advisories affecting SolarWinds. AI-powered Chinese analysis, POCs, and references for each vulnerability.

SolarWinds provides IT management and monitoring software, primarily serving enterprise networks through its Orion platform. Historically, its applications have exhibited vulnerabilities typical of complex enterprise suites, including remote code execution, cross-site scripting, and privilege escalation flaws. These weaknesses often stem from intricate integration points and legacy codebases. The most significant security incident occurred in 2020, when a supply chain attack compromised the software’s update mechanism, allowing threat actors to insert malicious code into legitimate updates. This breach affected numerous government agencies and private corporations, exposing sensitive data and compromising network integrity. The incident highlighted critical risks in software supply chains and led to widespread scrutiny of the company’s development and security practices. Consequently, SolarWinds has implemented stricter security controls and transparency measures to restore trust and mitigate future risks associated with its widely deployed infrastructure tools.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-28298 | SolarWinds Observability Self-Hosted Stored Cross-Site Scripting Vulnerability | SolarWinds Observability Self-Hosted | CWE-79 | 5.9 | Medium | 2026-03-26 |
| CVE-2026-28297 | SolarWinds Observability Self-Hosted Stored Cross-Site Scripting Vulnerability | SolarWinds Observability Self-Hosted | CWE-79 | 6.1 | Medium | 2026-03-26 |
| CVE-2025-40541 | SolarWinds Serv-U Insecure Direct Object Reference (IDOR) Remote Code Execution Vulnerability | Serv-U | CWE-704 | 9.1 | Critical | 2026-02-24 |
| CVE-2025-40540 | SolarWinds Serv-U Type Confusion Remote Code Execution Vulnerability | Serv-U | CWE-704 | 9.1 | Critical | 2026-02-24 |
| CVE-2025-40539 | SolarWinds Serv-U Type Confusion Remote Code Execution Vulnerability | Serv-U | CWE-704 | 9.1 | Critical | 2026-02-24 |
| CVE-2025-40538 | SolarWinds Serv-U Broken Access Control Remote Code Execution Vulnerability | Serv-U | CWE-269 | 9.1 | Critical | 2026-02-24 |
| CVE-2025-40554 | SolarWinds Web Help Desk Authentication Bypass Vulnerability | Web Help Desk | CWE-1390 | 9.8 | Critical | 2026-01-28 |
| CVE-2025-40553 | SolarWinds Web Help Desk Deserialization of Untrusted Data Remote Code Execution Vulnerability | Web Help Desk | CWE-502 | 9.8 | Critical | 2026-01-28 |
| CVE-2025-40552 | SolarWinds Web Help Desk Authentication Bypass Vulnerability | Web Help Desk | CWE-1390 | 9.8 | Critical | 2026-01-28 |
| CVE-2025-40551 | SolarWinds Web Help Desk Deserialization of Untrusted Data Remote Code Execution Vulnerability | Web Help Desk | CWE-502 | 9.8 | Critical | 2026-01-28 |
| CVE-2025-40537 | SolarWinds Web Help Desk Hardcoded Credentials Vulnerability | Web Help Desk | CWE-798 | 7.5 | High | 2026-01-28 |
| CVE-2025-40536 | SolarWinds Web Help Desk Security Control Bypass Vulnerability | Web Help Desk | CWE-693 | 8.1 | High | 2026-01-28 |
| CVE-2025-40545 | SolarWinds Observability Self-Hosted Open Redirection Vulnerability | SolarWinds Observability Self-Hosted | CWE-601 | 4.8 | Medium | 2025-11-18 |
| CVE-2025-26391 | SolarWinds Observability Self-Hosted XSS Vulnerability | SolarWinds Observability Self-Hosted | CWE-79 | 5.4 | Medium | 2025-11-18 |
| CVE-2025-40549 | SolarWinds Serv-U Path Restriction Bypass Vulnerability | Serv-U | CWE-22 | 9.1 | Critical | 2025-11-18 |
| CVE-2025-40548 | SolarWinds Serv-U Broken Access Control - Remote Code Execution Vulnerability | Serv-U | CWE-269 | 9.1 | Critical | 2025-11-18 |
| CVE-2025-40547 | SolarWinds Serv-U Logic Abuse - Remote Code Execution Vulnerability | Serv-U | CWE-116 | 9.1 | Critical | 2025-11-18 |
| CVE-2025-26392 | SolarWinds Observability Self-Hosted SQL Injection Vulnerability | Observability Self-Hosted | CWE-89 | 5.4 | Medium | 2025-10-21 |
| CVE-2025-26399 | SolarWinds Web Help Desk Deserialization of Untrusted Data Privilege Escalation Vulnerability | Web Help Desk | CWE-502 | 9.8 | Critical | 2025-09-23 |
| CVE-2024-28988 | SolarWinds Web Help Desk Java Deserialization Remote Code Execution Vulnerability | Web Help Desk | CWE-502 | 9.8 | Critical | 2025-09-01 |
| CVE-2025-26398 | SolarWinds Database Performance Analyzer Hard-coded Cryptographic Key Vulnerability | Database Performance Analyzer | CWE-798 | 5.6 | Medium | 2025-08-12 |
| CVE-2025-26400 | SolarWinds Web Help Desk XML External Entity Injection (XXE) Vulnerability | Web Help Desk | CWE-611 | 5.3 | Medium | 2025-07-29 |
| CVE-2025-26397 | SolarWinds Observability Self-Hosted Deserialization of Untrusted Data Local Privilege Escalation Vulnerability | SolarWinds Observability Self-Hosted | CWE-502 | 7.8 | High | 2025-07-24 |
| CVE-2025-26395 | SolarWinds SWOSH DOM-based reflective XSS Vulnerability | SolarWinds Observability Self-Hosted | CWE-79 | 7.1 | High | 2025-06-10 |
| CVE-2025-26394 | SolarWinds SWOSH Open Redirection Vulnerability | SolarWinds Observability Self-Hosted | CWE-601 | 4.8 | Medium | 2025-06-10 |
| CVE-2025-26396 | SolarWinds Dameware Mini Remote Control Service Incorrect Permissions Local Privilege Escalation Vulnerability | Dameware Mini Remote Control Service | CWE-269 | 7.8 | High | 2025-06-02 |
| CVE-2024-45712 | SolarWinds Serv-U Client-Side Cross-Site Scripting Vulnerability | Serv-U | CWE-79 | 2.6 | Low | 2025-04-15 |
| CVE-2025-26393 | SolarWinds Service Desk Broken Access Control Vulnerability | Service Desk | CWE-653 | 5.4 | Medium | 2025-03-17 |
| CVE-2024-52611 | SolarWinds Platform Information Disclosure Vulnerability | SolarWinds Platform | CWE-209 | 3.5 | Low | 2025-02-11 |
| CVE-2024-52612 | SolarWinds Platform Reflected Cross-Site Scripting Vulnerability | SolarWinds Platform | CWE-79 | 6.8 | Medium | 2025-02-11 |

This page lists every published CVE security advisory associated with SolarWinds. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.