06 June 2026
Reference: CVE-2012-2576
1. What is being reported?
The issue is a type of security flaw called SQL injection in the login page of certain SolarWinds products before version 5.1.2. This means attackers can send harmful commands through the login process to take control of the system or access sensitive data.
2. What this means in plain English
If your organisation uses affected SolarWinds software, attackers could potentially break into your system without needing a password, leading to data loss, disruption, or further attacks. This is a high-risk problem that needs prompt attention.
3. Could this affect a small business?
Small businesses or charities using SolarWinds Storage Manager, Storage Profiler, or Backup Profiler versions older than 5.1.2 could be at risk. If you don’t use these products, this vulnerability likely does not affect you.
4. What to do now
- Check if your organisation uses any of the affected SolarWinds products and note their version numbers.
- If you use these products and they are older than version 5.1.2, arrange to update them to the latest version immediately.
- If you cannot update right away, ask your IT provider about temporary measures to reduce risk, such as restricting access to the software’s login page.
- Monitor your systems for any unusual activity and ensure your backups are current and secure.
5. Ask your IT provider
Can you confirm whether our SolarWinds Storage Manager, Storage Profiler, or Backup Profiler software is up to date and protected against the CVE-2012-2576 SQL injection vulnerability?
6. Bottom line
If you use older SolarWinds storage or backup software, update it now to prevent attackers from gaining control through this critical security flaw.
Information based on CISA KEV, NVD, and reputable security reporting.