vulnerability
SolarWinds Orion Platform: ActionPluginBaseView Deserialization of Untrusted Data RCE Vulnerability (CVE-2021-35215)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 7 | (AV:N/AC:L/Au:S/C:P/I:P/A:P) | Sep 1, 2021 | Apr 7, 2026 | May 29, 2026 |
Severity
7
CVSS
(AV:N/AC:L/Au:S/C:P/I:P/A:P)
Published
Sep 1, 2021
Added
Apr 7, 2026
Modified
May 29, 2026
Description
Insecure deserialization leading to Remote Code Execution was detected in the Orion Platform version 2020.2.5. Authentication is required to exploit this vulnerability.
Solution
solarwinds-orion-platform-upgrade-2020_2_6
References
- CVE-2021-35215
- https://attackerkb.com/topics/CVE-2021-35215
- https://documentation.solarwinds.co/enm/success_center/orionplatform/content/release_notes/orion_platform_2020-2-6_release_notes.htm
- https://documentation.solarwinds.com/en/success_center/orionplatform/content/core-secure-configuration.htm
- https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35215
- https://www.zerodayinitiative.com/advisories/ZDI-21-1245/
- https://euvd.enisa.europa.eu/vulnerability/EUVD-2021-21858
- CWE-502
- EUVD-EUVD-2021-21858
Rapid7 Labs
2026 Global Threat Landscape Report
The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.