vulnerability
SolarWinds Orion Platform: Improper Privilege Management Vulnerability (CVE-2021-28674)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 5 | (AV:N/AC:L/Au:S/C:N/I:P/A:P) | Jul 30, 2021 | Apr 7, 2026 | May 29, 2026 |
Severity
5
CVSS
(AV:N/AC:L/Au:S/C:N/I:P/A:P)
Published
Jul 30, 2021
Added
Apr 7, 2026
Modified
May 29, 2026
Description
The node management page in SolarWinds Orion Platform before 2020.2.5 HF1 allows an attacker to create or delete a node (outside of the attacker's perimeter) via an account with write permissions.
Solution
solarwinds-orion-platform-upgrade-2020_2_5
Rapid7 Labs
2026 Global Threat Landscape Report
The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.