Impact Analysis

Exploitation of this vulnerability can lead to the execution of malicious scripts within the SolarWinds Observability Self-Hosted environment.

This can compromise the confidentiality and integrity of information handled by the application, potentially exposing sensitive data or allowing unauthorized data manipulation.

However, there is no impact on the availability of the system.

Useful 0 Not Useful 0

Mitigation Strategies

To mitigate the stored cross-site scripting vulnerability in SolarWinds Observability Self-Hosted, you should upgrade to version 2026.1.1 or later, where the issue has been fixed.

This update addresses the vulnerability by preventing malicious script injection and execution, thereby enhancing the security and integrity of the software.

Useful 0 Not Useful 0

Compliance Impact

The stored cross-site scripting (XSS) vulnerability in SolarWinds Observability Self-Hosted can lead to unintended script execution, potentially compromising confidentiality and integrity of data.

Such compromises in confidentiality and integrity could negatively impact compliance with common standards and regulations like GDPR and HIPAA, which require protection of sensitive data and maintaining data integrity.

However, the provided information does not explicitly discuss the direct effects of this vulnerability on compliance with these standards.

Useful 0 Not Useful 0

Executive Summary

CVE-2026-28298 is a stored cross-site scripting (XSS) vulnerability affecting SolarWinds Observability Self-Hosted versions 2026.1 and earlier.

This vulnerability allows an attacker to inject malicious scripts that are stored and later executed unintentionally by users of the application.

When exploited, it can lead to unintended script execution within the application, potentially compromising the confidentiality and integrity of data.

Useful 0 Not Useful 0