SolarWinds Orion
SolarWinds · Infrastructure
0/100 Critical · exploited
Summary
Plain-English security verdict for SolarWinds Orion, generated from its current health score, actively-exploited vulnerabilities, and latest supported version.
SolarWinds Orion currently scores 0/100 — critical, with active exploitation. One of its known vulnerabilities, CVE-2020-10148, is being actively exploited in the wild (CISA KEV). Upgrade immediately and review your exposure to the actively-exploited CVEs below.
Disclosure trend
New CVEs published for SolarWinds Orion each year (NVD). A higher bar means more disclosures that year — more scrutiny, not necessarily less safe.
[Bar chart: new CVEs per year, '19 through '26]
Patch priority — what to act on
The issues to fix first — actively exploited (CISA KEV) first, then by exploitation probability (EPSS), then severity. Each row's "→ fixed in" is the earliest version that patches it; "see advisory" means no fixed version is published.
Most urgent first — actively exploited, then likeliest to be exploited.
CVE-2020-10148 CRITICAL ● exploited CWE-288 EPSS 94% → see advisory
CVE-2022-38108 HIGH Insecure deserialization EPSS 89% → fixed in 2020.2.6
CVE-2020-27871 HIGH Path traversal EPSS 87% → see advisory
CVE-2021-35215 HIGH Insecure deserialization EPSS 83% → see advisory
CVE-2023-23836 HIGH Insecure deserialization EPSS 67% → see advisory
CVE-2021-25274 CRITICAL Insecure deserialization EPSS 44% → fixed in 2020.2.4
CVE-2021-35244 MEDIUM Unrestricted file upload EPSS 35% → fixed in 2020.2.6
CVE-2021-27258 CRITICAL Improper access control EPSS 9% → see advisory
CVE-2019-9546 CRITICAL CWE-427 EPSS 2% → fixed in 2018.4
CVE-2020-13169 CRITICAL Cross-site scripting (XSS) EPSS 2% → fixed in 2020.2.1
Lifecycle unknown — needs latest supported version