CVE-2025-26398 MEDIUM

CVE-2025-26398: SolarWinds Database Performance Analyzer Hard-coded Cryptographic Key Vulnerability

Vendor: SolarWinds
Product: Database Performance Analyzer
Weakness: CWE-798 · Hardcoded credentials
Published: August 12, 2025
Last update: February 26, 2026

CVSS base score

5.6/10
Attack vector: Local
Attack complexity: High
Privileges required: High
User interaction: Required
Confidentiality: High
Integrity: High

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:N

What the vulnerability does

01 Description

SolarWinds Database Performance Analyzer was found to contain a hard-coded cryptographic key. If exploited, this vulnerability could lead to a machine-in-the-middle (MITM) attack against users. This vulnerability requires additional software not installed by default, local access to the server, and administrator-level privileges on the host.

Key dates

02 Disclosure timeline

August 12, 2025: CVE published
February 26, 2026: Record updated