SolarWinds Web Help Desk untrusted data deserialization RCE (CVE-2025-40553)
Vulnerability
Summary
Hide ▲
Show ▼
SolarWinds Web Help Desk CVE-2025-40553 is a critical remote code execution flaw that can let unauthenticated or unprivileged attackers run commands on vulnerable hosts. SolarWinds has released security updates and says upgrading to Web Help Desk 2026.1 addresses the issue. The bug stems from an untrusted data deserialization weakness, making exposed help desk servers a high-risk target.
Related Happenings
SolarWinds Serv-U advisory and mitigations for CVE-2026-28318
Advisory/Mitigation
H score52
First: 06.06.2026 11:14
Last: 06.06.2026 11:14
Sources 1
About this happening:
**SolarWinds Serv-U** mitigation guidance now covers **CVE-2026-28318**, reducing **unauthenticated DoS** risk from specially crafted POST requests. SolarWinds says the flaw is ad...
SolarWinds Serv-U advisory and mitigations for CVE-2026-28318
Advisory/MitigationAbout this happening: **SolarWinds Serv-U** mitigation guidance now covers **CVE-2026-28318**, reducing **unauthenticated DoS** risk from specially crafted POST requests. SolarWinds says the flaw is ad...
CISA KEV order for SolarWinds Serv-U CVE-2026-28318
Public Sector Action
H score50
First: 06.06.2026 11:14
Last: 06.06.2026 11:14
Sources 1
About this happening:
**CISA** added **CVE-2026-28318** affecting **SolarWinds Serv-U** to the **KEV catalog** and ordered **FCEB agencies** to remediate it by **June 19, 2026**. The directive expands...
CISA KEV order for SolarWinds Serv-U CVE-2026-28318
Public Sector ActionAbout this happening: **CISA** added **CVE-2026-28318** affecting **SolarWinds Serv-U** to the **KEV catalog** and ordered **FCEB agencies** to remediate it by **June 19, 2026**. The directive expands...
SolarWinds Web Help Desk (WHD) multi-stage exploitation wave
Exploitation Wave
H score44
First: 09.02.2026 16:42
Last: 09.02.2026 16:42
Sources 1
About this happening:
**SolarWinds Web Help Desk (WHD)** exploitation is a **multi-stage intrusion wave** affecting **internet-exposed WHD instances**. The foothold remains unconfirmed, but the wave is...
SolarWinds Web Help Desk (WHD) multi-stage exploitation wave
Exploitation WaveAbout this happening: **SolarWinds Web Help Desk (WHD)** exploitation is a **multi-stage intrusion wave** affecting **internet-exposed WHD instances**. The foothold remains unconfirmed, but the wave is...
Latest development: 10.03.2026 08:17
CISA added CVE-2025-26399 in SolarWinds Web Help Desk to its Known Exploited Vulnerabilities (KEV) catalog after evidence of active exploitation, said Microsoft and Huntress had reported threat actors using SolarWinds Web Help Desk flaws to obtain initial access, attributed the activity to the Warlock ransomware crew, and ordered Federal Civilian Executive Branch (FCEB) agencies to apply the fix by March 12, 2026.
BeyondTrust Remote Support and Privileged Remote Access pre-auth OS command injection (CVE-2026-1731)
Vulnerability
H score75
First: 09.02.2026 10:03
Last: 09.02.2026 10:03
Sources 1
About this happening:
**CVE-2026-1731** is a **critical pre-authentication OS command injection** in **BeyondTrust Remote Support** and **Privileged Remote Access** that can let an **unauthenticated at...
BeyondTrust Remote Support and Privileged Remote Access pre-auth OS command injection (CVE-2026-1731)
VulnerabilityAbout this happening: **CVE-2026-1731** is a **critical pre-authentication OS command injection** in **BeyondTrust Remote Support** and **Privileged Remote Access** that can let an **unauthenticated at...
Latest development: 09.02.2026 15:07
BeyondTrust secured all RS/PRA cloud systems by February 2, 2026 and directed on-premises customers to manually upgrade to Remote Support 25.3.2 or later and Privileged Remote Access 25.1.1 or later if automatic updates were not enabled.
CISA KEV remediation deadline for SolarWinds WHD CVE-2025-40551
Public Sector Action
H score53
First: 04.02.2026 07:50
Last: 04.02.2026 07:50
Sources 1
About this happening:
**CISA** added **CVE-2025-40551** in **SolarWinds Web Help Desk** to the **KEV catalog** and imposed **federal remediation deadlines**, turning a newly exploited flaw into a compl...
CISA KEV remediation deadline for SolarWinds WHD CVE-2025-40551
Public Sector ActionAbout this happening: **CISA** added **CVE-2025-40551** in **SolarWinds Web Help Desk** to the **KEV catalog** and imposed **federal remediation deadlines**, turning a newly exploited flaw into a compl...
Timeline
-
28.01.2026 16:39 3 articles · 5mo ago
SolarWinds patches Web Help Desk CVE-2025-40553
Mitigation Patch UpdateSolarWinds released security updates for Web Help Desk to address CVE-2025-40553, a critical remote code execution flaw reported by watchTowr's Piotr Bazydlo that stems from an untrusted data deserialization weakness and can let attackers without privileges run commands on vulnerable hosts. SolarWinds says upgrading vulnerable servers to Web Help Desk 2026.1 addresses the issue.
Show sources
- SolarWinds warns of critical Web Help Desk RCE, auth bypass flaws — www.bleepingcomputer.com — 28.01.2026 16:39
- SolarWinds warns of critical Web Help Desk RCE, auth bypass flaws — www.bleepingcomputer.com — 28.01.2026 16:39
- SolarWinds Fixes Four Critical Web Help Desk Flaws With Unauthenticated RCE and Auth Bypass — thehackernews.com — 29.01.2026 11:00