PT-2025-39120 · SolarWinds · SolarWinds Web Help Desk

Published 2025-09-17 · Updated 2025-09-27 · CVE-2025-26399

CVSS v2.0: 10
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

**Name of the Vulnerable Software and Affected Versions**

SolarWinds Web Help Desk versions 12.8.7 and earlier

**Description**

A critical vulnerability (CVE-2025-26399) in SolarWinds Web Help Desk allows unauthenticated remote code execution (RCE). The flaw is caused by improper deserialization of untrusted data within the `AjaxProxy` component. It bypasses previous attempts to address the issue, making it a recurring weakness. Successful exploitation allows attackers to execute arbitrary commands on affected systems. Over 31,800 instances are reportedly exposed.

**Recommendations**

Update to Web Help Desk version 12.8.7 Hotfix 1.

Fix · RCE · Deserialization of Untrusted Data

**Weakness Enumeration**

**Related Identifiers**

BDU:2025-11514
CVE-2025-26399
ZDI-25-906

**Affected Products**

SolarWinds Web Help Desk