SolarWinds Security Vulnerabilities (CVEs)

Track 81 security vulnerabilities affecting SolarWinds products and software. Get instant email alerts when new CVEs are discovered, automated security monitoring, and patch guidance.

27 Critical
44 High
10 Medium
CVE-2025-40540 9.1

A type confusion vulnerability in SolarWinds Serv-U allows attackers with administrative privileges to execute arbitrary native code with elevated pri...

Feb 24, 2026
CVE-2025-40538 9.1

A broken access control vulnerability in SolarWinds Serv-U allows domain or group administrators to create system admin users and execute arbitrary co...

Feb 24, 2026
CVE-2025-40537 7.5

SolarWinds Web Help Desk contains hardcoded credentials that could allow attackers to access administrative functions under certain conditions. This a...

Jan 28, 2026
CVE-2025-40551 9.8

SolarWinds Web Help Desk has an unauthenticated remote code execution vulnerability via untrusted data deserialization. Attackers can execute arbitrar...

Jan 28, 2026
CVE-2025-40554 9.8

SolarWinds Web Help Desk contains an authentication bypass vulnerability that allows attackers to execute specific actions without proper credentials....

Jan 28, 2026
CVE-2025-40552 9.8

SolarWinds Web Help Desk contains an authentication bypass vulnerability that allows attackers to execute privileged actions without valid credentials...

Jan 28, 2026
CVE-2025-40553 9.8

SolarWinds Web Help Desk has an unauthenticated remote code execution vulnerability via untrusted data deserialization. Attackers can exploit this to ...

Jan 28, 2026
CVE-2025-40536 8.1

SolarWinds Web Help Desk contains a security control bypass vulnerability that allows unauthenticated attackers to access restricted functionality. Th...

Jan 28, 2026
CVE-2025-40548 9.1

A missing validation vulnerability in SolarWinds Serv-U allows administrators to execute arbitrary code. This affects Serv-U deployments where adminis...

Nov 18, 2025
CVE-2025-40549 9.1

A path restriction bypass vulnerability in SolarWinds Serv-U allows administrators to execute code on directories they shouldn't have access to. This ...

Nov 18, 2025
CVE-2025-40545 4.8

SolarWinds Observability Self-Hosted has an open redirection vulnerability where authenticated attackers can manipulate URLs to redirect users to mali...

Nov 18, 2025
CVE-2025-40547 9.1

A logic error vulnerability in SolarWinds Serv-U allows administrators to execute arbitrary code. This affects Serv-U deployments where an attacker ga...

Nov 18, 2025
CVE-2025-26391 5.4

SolarWinds Observability Self-Hosted contains a cross-site scripting (XSS) vulnerability in user-created URL fields that allows authenticated low-priv...

Nov 18, 2025
CVE-2025-26392 5.4

SolarWinds Observability Self-Hosted contains a SQL injection vulnerability that allows authenticated low-privilege users to extract sensitive data fr...

Oct 21, 2025
CVE-2025-26399 9.8

CVE-2025-26399 is an unauthenticated remote code execution vulnerability in SolarWinds Web Help Desk's AjaxProxy component that allows attackers to ex...

Sep 23, 2025
CVE-2024-28988 9.8

CVE-2024-28988 is a critical Java deserialization vulnerability in SolarWinds Web Help Desk that allows unauthenticated attackers to execute arbitrary...

Sep 1, 2025
CVE-2025-26398 5.6

SolarWinds Database Performance Analyzer contains a hard-coded cryptographic key that could enable machine-in-the-middle attacks if exploited. This af...

Aug 12, 2025
CVE-2025-26397 7.8

SolarWinds Observability Self-Hosted has a deserialization vulnerability that allows authenticated low-privilege users to escalate privileges locally....

Jul 24, 2025
CVE-2025-26394 4.8

SolarWinds Observability Self-Hosted has an open redirection vulnerability where attackers can manipulate URLs to redirect authenticated users to mali...

Jun 10, 2025
CVE-2025-26395 7.1

SolarWinds Observability Self-Hosted has a cross-site scripting (XSS) vulnerability in an unsanitized URL field. This allows authenticated administrat...

Jun 10, 2025
CVE-2024-52612 6.8

SolarWinds Platform contains a reflected cross-site scripting vulnerability that allows authenticated high-privileged attackers to inject malicious sc...

Feb 11, 2025
CVE-2024-28989 5.5

SolarWinds Web Help Desk contains a hardcoded cryptographic key that could allow attackers to decrypt sensitive information stored or transmitted by t...

Feb 11, 2025
CVE-2024-45717 7.0

This cross-site scripting (XSS) vulnerability in SolarWinds Platform allows authenticated attackers to inject malicious scripts into the search and no...

Dec 4, 2024
CVE-2024-45713 5.1

SolarWinds Kiwi CatTools can disclose sensitive information when a non-default troubleshooting setting is enabled. This affects administrators who hav...

Oct 17, 2024
CVE-2024-45715 7.1

This Cross-Site Scripting (XSS) vulnerability in SolarWinds Platform allows attackers to inject malicious scripts when users perform edit operations o...

Oct 16, 2024
CVE-2024-45711 7.5

SolarWinds Serv-U contains a directory traversal vulnerability that allows authenticated users to access files outside intended directories. When comb...

Oct 16, 2024
CVE-2024-28990 6.3

SolarWinds Access Rights Manager (ARM) contains hard-coded credentials that allow authentication bypass to the RabbitMQ management console. This vulne...

Sep 12, 2024
CVE-2024-28991 9.0

SolarWinds Access Rights Manager (ARM) contains a deserialization vulnerability (CWE-502) that allows authenticated users to execute arbitrary code re...

Sep 12, 2024
CVE-2024-28987 9.1

CVE-2024-28987 is a hardcoded credential vulnerability in SolarWinds Web Help Desk that allows remote unauthenticated attackers to access internal fun...

Aug 21, 2024
CVE-2024-28986 9.8

CVE-2024-28986 is a Java deserialization vulnerability in SolarWinds Web Help Desk that could allow remote code execution on the host system. While So...

Aug 13, 2024
CVE-2024-23475 9.6

CVE-2024-23475 is a critical directory traversal vulnerability in SolarWinds Access Rights Manager that allows unauthenticated attackers to delete arb...

Jul 17, 2024
CVE-2024-28992 7.6

CVE-2024-28992 is a directory traversal and information disclosure vulnerability in SolarWinds Access Rights Manager that allows unauthenticated attac...

Jul 17, 2024
CVE-2024-23471 9.6

This vulnerability allows authenticated users of SolarWinds Access Rights Manager to execute arbitrary code remotely by exploiting improper authentica...

Jul 17, 2024
CVE-2024-23474 7.6

CVE-2024-23474 is a vulnerability in SolarWinds Access Rights Manager that allows attackers to delete arbitrary files and disclose sensitive informati...

Jul 17, 2024
CVE-2024-23466 9.6

This vulnerability allows unauthenticated attackers to traverse directories and execute arbitrary code with SYSTEM privileges on SolarWinds Access Rig...

Jul 17, 2024
CVE-2024-23468 7.6

CVE-2024-23468 is a directory traversal vulnerability in SolarWinds Access Rights Manager that allows unauthenticated attackers to delete arbitrary fi...

Jul 17, 2024
CVE-2024-23469 9.6

SolarWinds Access Rights Manager (ARM) has a critical remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary c...

Jul 17, 2024
CVE-2024-28995 8.6

SolarWinds Serv-U contains a directory traversal vulnerability that allows attackers to read sensitive files on the host system. This affects organiza...

Jun 6, 2024
CVE-2024-29004 7.1

This stored cross-site scripting (XSS) vulnerability in SolarWinds Platform allows a high-privileged user to inject malicious scripts into the web con...

Jun 4, 2024
CVE-2024-28996 7.5

This CVE describes a SWQL injection vulnerability in SolarWinds Platform that allows attackers to execute arbitrary database queries. It affects Solar...

Jun 4, 2024
CVE-2024-28075 9.0

This vulnerability allows authenticated users of SolarWinds Access Rights Manager to execute arbitrary code remotely on affected systems. Attackers wi...

May 14, 2024
CVE-2024-23473 8.6

This CVE describes a hard-coded credential vulnerability in SolarWinds Access Rights Manager that allows authentication bypass to the RabbitMQ managem...

May 14, 2024
CVE-2024-28076 7.0

This CVE describes an open redirect vulnerability in SolarWinds Platform where attackers can manipulate URL parameters to redirect users to malicious ...

Apr 18, 2024
CVE-2024-28073 8.4

This vulnerability in SolarWinds Serv-U allows attackers with highly privileged accounts to perform directory traversal attacks, potentially leading t...

Apr 17, 2024
CVE-2024-23479 9.6

SolarWinds Access Rights Manager (ARM) contains a directory traversal vulnerability that allows unauthenticated attackers to execute arbitrary code re...

Feb 15, 2024
CVE-2024-23476 9.6

SolarWinds Access Rights Manager (ARM) contains a directory traversal vulnerability that allows unauthenticated attackers to execute arbitrary code re...

Feb 15, 2024
CVE-2024-23478 8.0

SolarWinds Access Rights Manager (ARM) contains a deserialization vulnerability that allows authenticated users to execute arbitrary code remotely. Th...

Feb 15, 2024
CVE-2023-50395 8.0

This SQL injection vulnerability in SolarWinds Platform allows authenticated attackers to execute arbitrary SQL commands via update statements, potent...

Feb 6, 2024
CVE-2023-40055 8.0

This vulnerability allows low-privileged users to exploit directory traversal in SolarWinds Network Configuration Manager to execute arbitrary code wi...

Nov 9, 2023
CVE-2023-33226 8.0

This vulnerability in SolarWinds Network Configuration Manager allows low-privileged users to exploit directory traversal flaws to execute arbitrary c...

Nov 1, 2023

Why Monitor SolarWinds Security Vulnerabilities?

Real-time CVE tracking: Our automated system monitors 81+ known vulnerabilities affecting SolarWinds products and software packages. Stay ahead of emerging threats with instant email notifications when new security issues are discovered.

Automated security monitoring: Unlike manual CVE checking, FixTheCVE automatically scans your servers and detects vulnerable SolarWinds packages in under 60 seconds. No agents are required: scanning is completely agentless and works across SolarWinds deployments.

Free vulnerability database: Access detailed information about every SolarWinds CVE, including CVSS scores, severity ratings, affected versions, and actionable patch guidance. Filter by critical, high, medium, or low severity to prioritize your security remediation efforts.

🚀 Get Started in 60 Seconds

  • Register free account & add your servers
  • Run one-time scan or schedule automatic monitoring (every 1-24 hours)
  • Receive instant alerts when new SolarWinds CVEs affect your systems
  • Access dashboard with severity breakdown & fix instructions