SolarWinds Observability Self-Hosted XSS Vulnerability

(CVE-2025-26391)

Summary

SolarWinds Observability Self-Hosted XSS Vulnerability. The SolarWinds Platform was susceptible to a XSS vulnerability that affects user-created URL fields. This vulnerability requires authentication from a low-level account.

Affected Products

SolarWinds Observability Self-Hosted 2025.4 and prior versions

Fixed Software Release

SolarWinds Observability Self-Hosted 2025.4 SR1

Acknowledgments

the KPN REDteam

Advisory Details

Severity

5.4 Medium

Advisory ID

CVE-2025-26391

First Published

11/18/2025

Last Published

11/18/2025

Fixed Version

SolarWinds Observability Self-Hosted 2025.4 SR1

CVSS Score

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N