PT-2025-39120 · SolarWinds · SolarWinds Web Help Desk
Published: 2025-09-17 · Updated: 2026-03-15 · CVE-2025-26399
CVSS v2.0: 10
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
SolarWinds Web Help Desk versions prior to 12.8.7 Hotfix 1
SolarWinds Web Help Desk versions 12.8.3 and earlier
SolarWinds Web Help Desk version 2026.1
Description
SolarWinds Web Help Desk is affected by a critical remote code execution (RCE) vulnerability (CVE-2025-26399) caused by deserialization of untrusted data in the AjaxProxy component. It allows unauthenticated attackers to execute arbitrary commands on affected systems, resulting in full host compromise and potentially leading to data exposure, lateral movement, and service disruption. Multiple attempts have been made to patch this vulnerability, but previous fixes have been bypassed. The vulnerability is being actively exploited in the wild, with threat actors utilizing various tools and techniques, and poses a significant risk to organizations using vulnerable versions of SolarWinds Web Help Desk.
Recommendations
SolarWinds Web Help Desk versions prior to 12.8.7 Hotfix 1: Upgrade to version 12.8.7 Hotfix 1 immediately.
SolarWinds Web Help Desk versions 12.8.3 and earlier: Upgrade to version 2026.1.
SolarWinds Web Help Desk version 12.8.7: Upgrade to version 2026.1.
Fix
LPE
RCE
Deserialization of Untrusted Data
Weakness Enumeration
Related Identifiers
Affected Products
SolarWinds Web Help Desk