Unrated severity · CISA KEV · NVD Advisory · Published Sep 23, 2025 · Updated Mar 10, 2026
SolarWinds Web Help Desk Deserialization of Untrusted Data Privilege Escalation Vulnerability
CVE-2025-26399
Description
SolarWinds Web Help Desk was found to be susceptible to an unauthenticated AjaxProxy deserialization remote code execution vulnerability that, if exploited, would allow an attacker to run commands on the host machine. This vulnerability is a patch bypass of CVE-2024-28988, which in turn is a patch bypass of CVE-2024-28986.
Affected products (2)
- SolarWinds/Web Help Desk · v5 · Range: 12.8.7 and below
References (2)
News mentions (4)
- Adriatic Port Cyber-Attack by Anubis Sparks Warning Over Maritime Security Risks · Infosecurity Magazine · Jun 15, 2026
- 16th March – Threat Intelligence Report · Check Point Research · Mar 16, 2026
- Buy A Help Desk, Bundle A Remote Access Solution? (SolarWinds Web Help Desk Pre-Auth RCE Chain(s)) · watchTowr Labs · Feb 25, 2026
- Risky Business #824 -- Microsoft's Secure Future is looking a bit wobbly · Risky Business · Feb 11, 2026