SolarWinds Web Help Desk Multiple Vulnerabilities

Last Update Date: 4 Feb 2026 Release Date: 30 Jan 2026 19393 Views

RISK: Extremely High Risk

Extremely High Risk

TYPE: Clients - Productivity Products

TYPE: Productivity Products

Multiple vulnerabilities were identified in SolarWinds Web Help Desk. A remote attacker could exploit some of these vulnerabilities to trigger remote code execution, elevation of privilege and security restriction bypass on the targeted system.

 

Note: 

CVE-2025-40551 is actively exploited in the wild. An unauthenticated attacker could exploit an untrusted data deserialization vulnerability, leading to remote code execution. Hence, the risk level is rated as Extremely High Risk.

 

CVE-2025-40536 is actively exploited in the wild. A security control bypass vulnerability could allow an unauthenticated attacker to gain access to certain restricted functionality. Hence, the risk level is rated as High Risk.

 

[Updated on 2026-02-04]

Updated Description, Related Links and Risk Level. 

 

[Updated on 2026-02-13]

Updated Description and Related Links. 

Impact

  • Remote Code Execution
  • Security Restriction Bypass
  • Elevation of Privilege

System / Technologies affected

  • SolarWinds Web Help Desk 12.8.8 HF1 and all previous versions

Solutions

Before installation of the software, please visit the software vendor web-site for more details.

Apply fixes issued by the vendor:

  • Update to SolarWinds Web Help Desk version 2026.1 or later

Vulnerability Identifier

Source

Related Link

Related Tags

SolarWindsRemote Code ExecutionSecurity Restriction BypassElevation of PrivilegeExploit In The Wild

Share with

Previous

GitLab Multiple Vulnerabilities

8 Dec 2021 11577 Views

Next

Google Chrome Multiple Vulnerabilities

4 Feb 2026 26879 Views

We use cookies to give you the best possible experience on our website. By continuing to browse this site, you give consent for cookies to be used. For more details please read our Cookie Policy.

PRIVACY POLICY