9.8
SolarWinds Web Help Desk Allows Malicious Code Execution
Known exploited
Exploitation likelihood: 29%
CVE-2025-26399
Summary
The SolarWinds Web Help Desk software has a security flaw that could let an attacker run unauthorized commands on the computer hosting the software. This means an attacker could potentially take control of the system or access sensitive data. Update the software to the latest version to protect against this risk.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| solarwinds | web_help_desk | <= 12.8.6 | – |
| solarwinds | web_help_desk | 12.8.7 | – |
| solarwinds | web help desk | All versions | – |
Original title
SolarWinds Web Help Desk Deserialization of Untrusted Data Vulnerability
Original description
SolarWinds Web Help Desk contains a deserialization of untrusted data vulnerability in AjaxProxy that could allow an attacker to run commands on the host machine.
NVD CVSS 3.1
9.8
Vulnerability type
CWE-502
Deserialization of Untrusted Data
- https://documentation.solarwinds.com/en/success_center/whd/content/release_notes... Release Notes
- https://www.solarwinds.com/trust-center/security-advisories/CVE-2025-26399 Patch Vendor Advisory
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-...
- https://www.microsoft.com/en-us/security/blog/2026/02/06/active-exploitation-sol...
Published: 9 Mar 2026 · Updated: 14 Mar 2026 · First seen: 7 Mar 2026