vulnerability
SolarWinds Orion Platform: SolarWinds Platform Deserialization of Untrusted Data Vulnerability (CVE-2023-23836)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 8 | (AV:N/AC:L/Au:M/C:C/I:C/A:C) | Feb 15, 2023 | Apr 7, 2026 | May 29, 2026 |
Severity
8
CVSS
(AV:N/AC:L/Au:M/C:C/I:C/A:C)
Published
Feb 15, 2023
Added
Apr 7, 2026
Modified
May 29, 2026
Description
SolarWinds Platform version 2022.4.1 was found to be susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to the SolarWinds Web Console to execute arbitrary commands.
Solution
solarwinds-orion-platform-upgrade-latest
References
- CVE-2023-23836
- https://attackerkb.com/topics/CVE-2023-23836
- https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2023-1_release_notes.htm
- https://www.solarwinds.com/trust-center/security-advisories/CVE-2023-23836
- https://euvd.enisa.europa.eu/vulnerability/EUVD-2023-27922
- CWE-502
- EUVD-EUVD-2023-27922
Rapid7 Labs
2026 Global Threat Landscape Report
The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.