Unrated severityNVD Advisory· Published Jan 28, 2026· Updated Feb 26, 2026

SolarWinds Web Help Desk Authentication Bypass Vulnerability

CVE-2025-40554

Description

SolarWinds Web Help Desk was found to be susceptible to an authentication bypass vulnerability that, if exploited, could allow an attacker to invoke specific actions within Web Help Desk.

Affected products

Webhelpdesk/Web Help Deskllm-fuzzy
SolarWinds/Web Help Deskv5
Range: 12.8.8 HF1 and below

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.solarwinds.com/trust-center/security-advisories/CVE-2025-40554mitrevendor-advisorypatch
documentation.solarwinds.com/en/success_center/whd/content/release_notes/whd_2026-1_release_notes.htmmitrerelease-notes

News mentions

Buy A Help Desk, Bundle A Remote Access Solution? (SolarWinds Web Help Desk Pre-Auth RCE Chain(s))
watchTowr Labs · Feb 25, 2026

cvss	0.000
epss	0.005
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000