CVE-2026-28322
MediumCVSS 5.6Exploitation Probability (EPSS)
Low risk13th percentile — higher than 13% of all known CVEs
Summary
A stored cross-site scripting (XSS) vulnerability was found in SolarWinds Database Performance Analyzer. Exploitation can lead to unintended script execution in the user's browser context.
Risk Assessment
An attacker can inject a malicious script that executes when an administrator views data, potentially leading to session hijacking, data modification, or further compromise of the infrastructure.
Recommendation
Immediately update SolarWinds Database Performance Analyzer to the latest patched version. Until the update is applied, restrict access to the tool's interface and enforce the principle of least privilege.
Original NVD description (English source)
SolarWinds Database Performance Analyzer was found to be affected by a stored cross-site scripting vulnerability, which when exploited, can lead to unintended script execution.

