Rapid7

vulnerability

SolarWinds Orion Platform: SolarWinds Orion Job Scheduler RCE (CVE-2021-31475)

Severity
9
CVSS
(AV:N/AC:L/Au:S/C:C/I:C/A:C)
Published
May 21, 2021
Added
Apr 7, 2026
Modified
May 29, 2026

Description

The vulnerability can be used to achieve authenticated RCE as Administrator. In order to exploit this, an attacker first needs to know the credentials of an unprivileged local account on the Orion Server.

Solution

solarwinds-orion-platform-upgrade-2020_2_5
Title
Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.