vulnerability
SolarWinds Orion Platform: ActionPluginBaseView Deserialization of Untrusted Data RCE Vulnerability (CVE-2021-35215)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 7 | (AV:N/AC:L/Au:S/C:P/I:P/A:P) | Apr 7, 2026 | Apr 7, 2026 | Apr 7, 2026 |
Severity
7
CVSS
(AV:N/AC:L/Au:S/C:P/I:P/A:P)
Published
Apr 7, 2026
Added
Apr 7, 2026
Modified
Apr 7, 2026
Description
Insecure deserialization leading to Remote Code Execution was detected in the Orion Platform version 2020.2.5. Authentication is required to exploit this vulnerability.
Solution
solarwinds-orion-platform-upgrade-2020_2_6
References
- CVE-2021-35215
- https://attackerkb.com/topics/CVE-2021-35215
- CWE-502
- EUVD-EUVD-2021-21858
- https://documentation.solarwinds.co/enm/success_center/orionplatform/content/release_notes/orion_platform_2020-2-6_release_notes.htm
- https://documentation.solarwinds.com/en/success_center/orionplatform/content/core-secure-configuration.htm
- https://euvd.enisa.europa.eu/vulnerability/EUVD-2021-21858
- https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35215
- https://www.zerodayinitiative.com/advisories/ZDI-21-1245/
Rapid7 Labs
2026 Global Threat Landscape Report
The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.