CVE-2025-26399
CRITICAL KEV
SolarWinds Web Help Desk < 12.8.6 - Insecure Deserialization
Title source: ruleDescription
SolarWinds Web Help Desk was found to be susceptible to an unauthenticated AjaxProxy deserialization remote code execution vulnerability that, if exploited, would allow an attacker to run commands on the host machine. This vulnerability is a patch bypass of CVE-2024-28988, which in turn is a patch bypass of CVE-2024-28986.
Exploits (1)
References (4)
Scores
CVSS v3: 9.8
EPSS: 0.2656
EPSS Percentile: 96.3%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CISA KEV: 2026-03-09
VulnCheck KEV: 2026-01-20
ENISA EUVD: EUVD-2025-30842
CWE: CWE-502
Status: published
Products (2)
solarwinds/web_help_desk 12.8.7
solarwinds/web_help_desk < 12.8.6
Published: Sep 23, 2025
KEV Added: Mar 09, 2026
Tracked Since: Feb 18, 2026