What Are Critical SolarWinds Web Help Desk Vulnerabilities
SolarWinds has disclosed multiple vulnerabilities affecting its Web Help Desk (WHD) platform, including several rated critical.
These issues allow unauthenticated attackers to bypass security controls and, in some cases, execute arbitrary code remotely. Because Web Help Desk is often deployed as an internet-facing application, these flaws can expose organizations to direct compromise if left unpatched.
The vulnerabilities fall into two main categories:
- Authentication bypass, allowing attackers to access restricted functionality without valid credentials
- Untrusted data deserialization, enabling remote code execution through crafted requests
SolarWinds addressed all reported issues in Web Help Desk version 2026.1.
The following CVEs are involved.
Affected CVEs
- CVE-2025-40551: Critical (CVSS 9.8). Untrusted data deserialization vulnerability that can lead to remote code execution without authentication.
- CVE-2025-40552: Critical (CVSS 9.8). Authentication bypass vulnerability that allows unauthorized access to restricted functionality.
- CVE-2025-40553: Critical (CVSS 9.8). Untrusted data deserialization issue that may result in arbitrary command execution.
- CVE-2025-40554: Critical (CVSS 9.8). Authentication bypass vulnerability that can lead to privilege escalation and system compromise.
- CVE-2025-40536: High severity. Security control bypass that weakens existing access enforcement mechanisms.
- CVE-2025-40537: High severity. Hardcoded credentials issue that could allow unauthorized access using default credentials.
What Assets Are Affected by Critical SolarWinds Web Help Desk Vulnerabilities
The vulnerabilities affect:
- SolarWinds Web Help Desk versions 12.8.8 Hotfix 1 and earlier
- On-prem deployments and externally accessible instances
- Systems reachable from the internet or untrusted networks
Web Help Desk environments are particularly sensitive because they often run with elevated privileges, store internal system and user data, and sit close to core IT and service desk operations. This makes them attractive entry points for attackers.
Are Fixes Available?
Yes. SolarWinds has released patches for all identified vulnerabilities.
Organizations should:
- Upgrade immediately to SolarWinds Web Help Desk 2026.1
- Confirm that no older WHD instances remain active
- Validate versions across production, staging, and backup systems
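One way to carry out the version validation step above, as an added example (not SolarWinds or CyCognito code): it classifies a constructed inventory against the two versions this advisory names. The host names, CSV columns and the `HF` abbreviation are assumptions, and versions between 12.8.8 Hotfix 1 and 2026.1 are reported as unknown because the advisory does not cover them.

```python
import csv
import io
import re

FIXED = (2026, 1, 0, 0)        # Web Help Desk 2026.1, the fixed release per this advisory
LAST_AFFECTED = (12, 8, 8, 1)  # 12.8.8 Hotfix 1, the last affected release per this advisory

_VERSION_RE = re.compile(
    r"^\s*(\d+)\.(\d+)(?:\.(\d+))?(?:\s*(?:hotfix|hf)\s*(\d+))?\s*$",
    re.IGNORECASE,
)

def parse_version(text):
    """Return (major, minor, patch, hotfix), or None if the string is unrecognised."""
    m = _VERSION_RE.match(text or "")
    if not m:
        return None
    return tuple(int(g) if g else 0 for g in m.groups())

def classify(text):
    """Return 'fixed', 'affected' or 'unknown' for one recorded version string."""
    v = parse_version(text)
    # Unparseable, missing, or between the two versions the advisory names.
    if v is None or LAST_AFFECTED < v < FIXED:
        return "unknown"
    return "fixed" if v >= FIXED else "affected"

# Constructed sample inventory: hypothetical hosts, columns and version values.
SAMPLE_INVENTORY = """host,environment,whd_version
helpdesk.example.internal,production,2026.1
helpdesk-stg.example.internal,staging,12.8.8 Hotfix 1
helpdesk-old.example.internal,backup,12.8.3
helpdesk-dr.example.internal,backup,12.8.8 HF2
helpdesk-lab.example.internal,staging,
"""

def audit(inventory_csv):
    """Return (host, environment, version, status) for rows not confirmed fixed."""
    findings = []
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        status = classify(row["whd_version"])
        if status != "fixed":
            findings.append((row["host"], row["environment"], row["whd_version"], status))
    return findings

if __name__ == "__main__":
    for host, env, version, status in audit(SAMPLE_INVENTORY):
        print(f"{status.upper():8} {host} ({env}) version={version or 'not recorded'}")
```

Rows reported as unknown need a manual check rather than being assumed safe.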
Are There Any Other Recommended Actions to Take?
If patching cannot be completed immediately, additional steps can help reduce risk:
- Restrict external access to Web Help Desk using firewall rules or network segmentation
- Monitor logs for unusual requests or authentication behavior
- Review permissions and service accounts associated with WHD
- Identify forgotten or shadow WHD instances that may still be exposed
Given the severity and simplicity of exploitation, organizations should act with urgency.
Is CVE-2026-24858 Being Actively Exploited?
At this time, there are no confirmed reports of active exploitation related to these SolarWinds Web Help Desk vulnerabilities.
However, vulnerabilities that enable unauthenticated access or remote code execution are often quickly analyzed after disclosure. Once patches become publicly available, attackers frequently reverse-engineer them to develop proof-of-concept exploits.
Given the critical severity of these issues and the number of internet-exposed Web Help Desk deployments, organizations should assume exploitation is likely and prioritize remediation accordingly.
How Can CyCognito Help Your Organization?
Fixing vulnerabilities is only part of the challenge. The harder question is whether your organization is actually exposed.
CyCognito continuously maps your external attack surface to identify internet-exposed Web Help Desk instances and validate whether these vulnerabilities are reachable from an attacker’s point of view. This allows security teams to focus remediation efforts on real, exploitable risk rather than theoretical findings.
Following the disclosure of the SolarWinds Web Help Desk vulnerabilities, CyCognito published an Emerging Threat Advisory inside the CyCognito platform on February 4, 2026, and is actively researching enhanced detection and validation capabilities related to these issues.
To learn how CyCognito can help your organization reduce external exposure and manage emerging threats more effectively, contact us to request a demo.