What immediate steps should I take to mitigate this vulnerability?

To mitigate the stored cross-site scripting vulnerability in SolarWinds Observability Self-Hosted, you should upgrade the affected software to version 2026.1.1 or later, as this version contains the fix for the vulnerability.

Since the vulnerability requires high privileges to exploit and affects confidentiality and integrity, ensure that access to the application is restricted to trusted users and monitor for any unusual activity.

Useful 0 Not Useful 0

Can you explain this vulnerability to me?

CVE-2026-28297 is a stored cross-site scripting (XSS) vulnerability affecting SolarWinds Observability Self-Hosted versions 2026.1 and earlier.

When exploited, this vulnerability allows an attacker to execute unintended scripts within the affected application.

Useful 0 Not Useful 0

How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:

The stored cross-site scripting (XSS) vulnerability in SolarWinds Observability Self-Hosted can lead to unintended script execution, which impacts the confidentiality and integrity of data within the affected application.

Such impacts on confidentiality and integrity could potentially affect compliance with common standards and regulations like GDPR and HIPAA, which require protection of sensitive data and maintaining data integrity.

However, the provided information does not explicitly detail how this vulnerability affects compliance with these specific standards or regulations.

Useful 0 Not Useful 0

How can this vulnerability impact me? :

Exploitation of this vulnerability can lead to unintended script execution, which impacts the confidentiality and integrity of the affected system.

• Confidentiality impact is high, meaning sensitive information could be exposed.
• Integrity impact is high, indicating that data or system integrity could be compromised.

The vulnerability does not affect availability.

Useful 0 Not Useful 0