SolarWinds Web Help Desk was found to be susceptible to a security control bypass vulnerability that if exploited, could allow an unauthenticated attacker to gain access to certain restricted functionality.
Weakness
The product does not use or incorrectly uses a protection mechanism that provides sufficient defense against directed attacks against the product.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Web_help_desk | Solarwinds | * | 2026.1 (excluding) |
Related Attack Patterns
- https://cwe.mitre.org/data/definitions/1.html
- https://cwe.mitre.org/data/definitions/107.html
- https://cwe.mitre.org/data/definitions/127.html
- https://cwe.mitre.org/data/definitions/17.html
- https://cwe.mitre.org/data/definitions/20.html
- https://cwe.mitre.org/data/definitions/22.html
- https://cwe.mitre.org/data/definitions/237.html
- https://cwe.mitre.org/data/definitions/36.html
- https://cwe.mitre.org/data/definitions/477.html
- https://cwe.mitre.org/data/definitions/480.html
- https://cwe.mitre.org/data/definitions/51.html
- https://cwe.mitre.org/data/definitions/57.html
- https://cwe.mitre.org/data/definitions/59.html
- https://cwe.mitre.org/data/definitions/65.html
- https://cwe.mitre.org/data/definitions/668.html
- https://cwe.mitre.org/data/definitions/74.html
- https://cwe.mitre.org/data/definitions/87.html
References
- https://documentation.solarwinds.com/en/success_center/whd/content/release_notes/whd_2026-1_release_notes.htm
- https://www.solarwinds.com/trust-center/security-advisories/CVE-2025-40536
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-40536
- https://www.huntress.com/blog/active-exploitation-solarwinds-web-help-desk-cve-2025-26399