321 CVEs

10 in CISA KEV

SolarWinds Vulnerabilities

CVE security advisories and vulnerability history for SolarWinds.

321

Total CVEs

Published

10

In CISA KEV

Exploited in the wild

55

Public exploits

With known exploit

7.3

Avg CVSS

2001–2026

Overview

SolarWinds has 321 published CVE records since 2001, of which 10 are in CISA's Known Exploited Vulnerabilities catalog and 55 have a known public exploit. The average CVSS base score across scored CVEs is 7.3.

This page aggregates every publicly disclosed vulnerability (CVE) affecting SolarWinds products, with severity breakdowns, the most-affected products, the most common weakness types, and the latest disclosures.

Severity and exploitation

How the CVSS severity of SolarWinds's CVEs breaks down, plus how many are exploited in the wild or have public exploit code.

Critical34

High91

Medium63

Low5

128 additional CVEs have no CVSS severity score.

In CISA’s Known Exploited Vulnerabilities catalog

10

10 of SolarWinds's CVEs are confirmed exploited in the wild.

Public exploits

55

55 of SolarWinds's CVEs have a known public exploit available.

Most affected products

The SolarWinds products with the most published CVEs.

orion platform51 CVEs
SolarWinds Platform45 CVEs
serv-u39 CVEs
Access Rights Manager32 CVEs
access_rights_manager23 CVEs
Web Help Desk22 CVEs
serv-u file server21 CVEs
serv-u ftp server12 CVEs

Common weakness types

The CWE weakness categories most often found in SolarWinds CVEs. Follow any weakness for its full explanation.

CNAs that assign these CVEs

The CVE Numbering Authorities that publish SolarWinds CVE records.

Disclosure activity by year

How many SolarWinds CVEs were published each year.

2019

14

2020

36

2021

60

2022

24

2023

47

2024

44

2025

21

2026

14

Latest SolarWinds CVEs

The most recently disclosed vulnerabilities affecting SolarWinds.

SolarWinds Web Help Desk Denial-of-Service Vulnerability
CWE-770
High · CVSS 8.2
2026-06-02
FTP Voyager 16.2.0 Denial of Service via Malformed Site Profile
CWE-787
Medium · CVSS 6.9
EPSS 0.0%2026-04-04
SolarWinds Observability Self-Hosted Stored Cross-Site Scripting Vulnerability
CWE-79
Medium · CVSS 5.9
EPSS 0.0%2026-03-26
SolarWinds Observability Self-Hosted Stored Cross-Site Scripting Vulnerability
CWE-79
Medium · CVSS 6.1
EPSS 0.0%2026-03-26
SolarWinds Serv-U Insecure Direct Object Reference (IDOR) Remote Code Execution Vulnerability
CWE-704
Critical · CVSS 9.1
EPSS 0.0%2026-02-24
SolarWinds Serv-U Type Confusion Remote Code Execution Vulnerability
CWE-704
Critical · CVSS 9.1
EPSS 0.1%2026-02-24
SolarWinds Serv-U Type Confusion Remote Code Execution Vulnerability
CWE-704
Critical · CVSS 9.1
EPSS 0.1%2026-02-24
SolarWinds Serv-U Broken Access Control Remote Code Execution Vulnerability
CWE-269
Critical · CVSS 9.1
EPSS 0.1%2026-02-24
SolarWinds Web Help Desk Authentication Bypass Vulnerability
CWE-1390
Critical · CVSS 9.8
EPSS 6.3%2026-01-28
SolarWinds Web Help Desk Deserialization of Untrusted Data Remote Code Execution Vulnerability
CWE-502
Critical · CVSS 9.8
EPSS 17.4%2026-01-28
SolarWinds Web Help Desk Authentication Bypass Vulnerability
CWE-1390
Critical · CVSS 9.8
EPSS 8.6%2026-01-28
SolarWinds Web Help Desk Deserialization of Untrusted Data Remote Code Execution Vulnerability
CISA KEV
CWE-502
Critical · CVSS 9.3
EPSS 87.0%2026-01-28

Track new SolarWinds CVEs as they are disclosed and get AI-written analysis and remediation guidance.

Monitor SolarWinds CVEs

Other vendors

Browse vulnerabilities for other tracked vendors.

zyxel334 CVEs HCL Software332 CVEs cybozu330 CVEs moxa315 CVEs paloaltonetworks311 CVEs Palo Alto Networks311 CVEs Hewlett Packard Enterprise311 CVEs opera311 CVEs

Browse all vendors

Frequently asked questions

Common questions about SolarWinds vulnerabilities.

How many CVEs does SolarWinds have?

SolarWinds has 321 published CVE records since 2001, including 35 in the last two years.

How many SolarWinds CVEs are in CISA KEV?

Yes — 10 of SolarWinds's CVEs are listed in CISA's Known Exploited Vulnerabilities catalog, confirmed exploited in the wild and carrying a CISA remediation deadline.

Which SolarWinds products have the most CVEs?

The SolarWinds products with the most published CVEs are orion platform, SolarWinds Platform, serv-u, Access Rights Manager, access_rights_manager.

What are the most common weakness types in SolarWinds CVEs?

SolarWinds's CVEs most often map to these CWE weakness types: CWE-502 (Deserialization of Untrusted Data), CWE-22 (Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')), CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')), CWE-89 (Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')).

Are there public exploits for SolarWinds vulnerabilities?

Yes — 55 of SolarWinds's CVEs have a known public exploit.

How many critical SolarWinds vulnerabilities are there?

SolarWinds has 34 critical and 91 high-severity CVEs.

What is the average severity of SolarWinds CVEs?

The average CVSS base score across SolarWinds's scored CVEs is 7.3.

References

Vulnerability data is sourced from the CVE Program; severity, KEV, and exploit signals are aggregated by RadicalNotion.AI.

Track SolarWinds vulnerabilities

Monitor new SolarWinds vulnerabilities as they are disclosed, with AI-written analysis and remediation guidance.

Start free See pricing