CVE-2026-28301

MEDIUM

SolarWinds Observability Self-Hosted Open Redirect Vulnerability

Title source: cna

A vulnerability in which an attacker can provide a crafted external URL that may redirect a user to an unintended website.

Core 3

Core References

Release Notes release-notes

Vendor Advisory vendor-advisory

X_Secure Configuration Guide x_secure-configuration-guide

CVSS v3 4.8

EPSS 0.0021

EPSS Percentile 11.1%

Attack Vector ADJACENT_NETWORK

CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

CWE

CWE-601

Status published

Products (1)

SolarWinds/Observability Self-Hosted 2026.1 and previous versions

Published Jun 09, 2026

Tracked Since Jun 09, 2026