Critical Authentication Bypass and RCE Flaws in SolarWinds Web Help Desk

First reported

28.01.2026 16:39

Last updated

1 unique sources, 1 articles

Summary

Hide ▲

SolarWinds has released patches for critical vulnerabilities in its Web Help Desk software, including authentication bypass and remote code execution (RCE) flaws. The vulnerabilities, reported by security researchers, can be exploited by unauthenticated attackers in low-complexity attacks. The company advises immediate patching due to the high risk of exploitation.

Timeline

28.01.2026 16:39 1 articles · 23h ago

SolarWinds Patches Critical Web Help Desk Vulnerabilities
SolarWinds has released patches for critical authentication bypass and remote code execution (RCE) flaws in its Web Help Desk software. The vulnerabilities, reported by security researchers, can be exploited by unauthenticated attackers in low-complexity attacks. The company advises immediate patching due to the high risk of exploitation.
Show sources

SolarWinds warns of critical Web Help Desk RCE, auth bypass flaws — www.bleepingcomputer.com — 28.01.2026 16:39
Open in new tab

Information Snippets

SolarWinds patched critical authentication bypass vulnerabilities (CVE-2025-40552, CVE-2025-40554) reported by watchTowr's Piotr Bazydlo.
First reported: 28.01.2026 16:39

1 source, 1 article
Show sources
- SolarWinds warns of critical Web Help Desk RCE, auth bypass flaws — www.bleepingcomputer.com — 28.01.2026 16:39
A critical RCE flaw (CVE-2025-40553) due to untrusted data deserialization was also reported by Bazydlo.
First reported: 28.01.2026 16:39

1 source, 1 article
Show sources
- SolarWinds warns of critical Web Help Desk RCE, auth bypass flaws — www.bleepingcomputer.com — 28.01.2026 16:39
Another RCE vulnerability (CVE-2025-40551) was reported by Horizon3.ai's Jimi Sebree.
First reported: 28.01.2026 16:39

1 source, 1 article
Show sources
- SolarWinds warns of critical Web Help Desk RCE, auth bypass flaws — www.bleepingcomputer.com — 28.01.2026 16:39
A high-severity hardcoded credentials vulnerability (CVE-2025-40537) was discovered by Sebree.
First reported: 28.01.2026 16:39

1 source, 1 article
Show sources
- SolarWinds warns of critical Web Help Desk RCE, auth bypass flaws — www.bleepingcomputer.com — 28.01.2026 16:39
SolarWinds advises upgrading to Web Help Desk 2026.1 to address these vulnerabilities.
First reported: 28.01.2026 16:39

1 source, 1 article
Show sources
- SolarWinds warns of critical Web Help Desk RCE, auth bypass flaws — www.bleepingcomputer.com — 28.01.2026 16:39
Previous Web Help Desk vulnerabilities have been actively exploited in attacks.
First reported: 28.01.2026 16:39

1 source, 1 article
Show sources
- SolarWinds warns of critical Web Help Desk RCE, auth bypass flaws — www.bleepingcomputer.com — 28.01.2026 16:39

Summary

Timeline

SolarWinds Patches Critical Web Help Desk Vulnerabilities

Information Snippets