CVE-2020-10148

CRITICAL

The SolarWinds Orion API is vulnerable to an authentication bypass that could allow a remote attacker to execute API commands. This vulnerability could allow a remote attacker to bypass authentication and execute API commands which may result in a compromise of the SolarWinds instance. SolarWinds Orion Platform versions 2019.4 HF 5, 2020.2 with no hotfix installed, and 2020.2 HF 1 are affected.

CVSS v3.1 Score

9.8

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Complexity

LOW

Privileges

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Published: 12/29/2020Modified: 10/24/2025

Related Intelligence (1)

LOWSupply Chain

Why some security fixes never reach your vulnerability dashboard

On April 22, for roughly 90 minutes, a malicious version of Bitwarden CLI appeared on npm. Version 2026.4.0 contained a credential-stealing payload that executed an obfuscated loader and harvested AWS, Azure, GCP, GitHub, and npm tokens from any developer machine that ran npm install . The attackers reached Bitwarden’s npm publishing path through a compromised GitHub Action related to the Checkmar

CVE-2026-42994CVE-2020-10148

15h agoCSO Online

References (6)

https://kb.cert.org/vuls/id/843464Third Party AdvisoryUS Government Resource https://www.solarwinds.com/securityadvisoryVendor Advisory https://kb.cert.org/vuls/id/843464Third Party AdvisoryUS Government Resource https://www.kb.cert.org/vuls/id/843464Third Party AdvisoryUS Government Resource https://www.solarwinds.com/securityadvisoryVendor Advisory https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-10148US Government Resource