CVE-2026-28322 PUBLISHED

SolarWinds Database Performance Analyzer Stored Cross-Site Scripting Vulnerability

Assigner: SolarWinds
Reserved: 26.02.2026 Published: 30.06.2026 Updated: 30.06.2026

SolarWinds Database Performance Analyzer was found to be affected by a stored cross-site scripting vulnerability, which when exploited, can lead to unintended script execution.

Metrics

CVSS Vector: CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:N
CVSS Score: 5.6

Product Status

Vendor SolarWinds
Product Database Performance Analyzer
Versions Default: unaffected
  • Version 2026.1 and below is affected

Solutions

SolarWinds recommends customers upgrade to SolarWinds Database Performance Analyzer version 2026.2 as soon as is practical.

References

Problem Types

  • CWE-20 Improper Input Validation CWE

Impacts

  • CAPEC-63 Cross-Site Scripting (XSS)