
SolarWinds Web Help Desk RCE Vulnerability CVE-2025-26399

Source: CISA Known Exploited Vulnerabilities (KEV)
Published March 10th, 2026
Detected March 13th, 2026

Summary

CISA has added CVE-2025-26399, a critical remote code execution vulnerability in SolarWinds Web Help Desk, to its Known Exploited Vulnerabilities (KEV) catalog. The vulnerability affects versions 12.8.7 and below and allows unauthenticated attackers to run commands on the host machine.

What changed

CISA has added CVE-2025-26399 to its Known Exploited Vulnerabilities (KEV) catalog, indicating active exploitation of a critical remote code execution (RCE) vulnerability in SolarWinds Web Help Desk. This vulnerability is a patch bypass of earlier CVEs and allows unauthenticated attackers to execute commands on the host machine. Affected versions are 12.8.7 and below.

Organizations running SolarWinds Web Help Desk should immediately review their installations for this vulnerability and apply the necessary patches or mitigations; failure to do so could result in system compromise. Inclusion in the KEV catalog suggests that federal agencies may be required to remediate this vulnerability by a specific deadline, though that deadline is not stated in this notice.

What to do next

  1. Review SolarWinds Web Help Desk installations for versions 12.8.7 and below.
  2. Apply available patches or implement mitigations for CVE-2025-26399.
  3. Monitor for any specific directives from CISA or other relevant authorities regarding this vulnerability.

Source document (simplified)

Required CVE Record Information

CNA: SolarWinds

Description

SolarWinds Web Help Desk was found to be susceptible to an unauthenticated AjaxProxy deserialization remote code execution vulnerability that, if exploited, would allow an attacker to run commands on the host machine. This vulnerability is a patch bypass of CVE-2024-28988, which in turn is a patch bypass of CVE-2024-28986.

CWE 1 Total

- CWE-502: Deserialization of Untrusted Data

CVSS 1 Total

| Score | Severity | Version | Vector String |
| --- | --- | --- | --- |
| 9.8 | CRITICAL | 3.1 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |

Product Status

Versions 1 Total

Default Status: unaffected

Affected:

  • affected at 12.8.7 and below

Credits

  • Anonymous working with Trend Micro Zero Day Initiative reporter

References 2 Total

Authorized Data Publishers


CISA-ADP

Updated: 2026-03-10

SSVC and KEV, plus CVSS and CWE if not provided by the CNA.

SSVC 1 Total

| Exploitation | Automatable | Technical Impact | Version | Date Accessed |
| --- | --- | --- | --- | --- |
| active | yes | total | 2.0.3 | 2025-09-23 |

KEV 1 Total

- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-26399 (2026-03-09)

Source

Analysis generated by AI. Source diff and links are from the original.

Classification

Agency: Various Federal Agencies
Published: March 10th, 2026
Instrument: Notice
Legal weight: Non-binding
Stage: Final
Change scope: Substantive

Who this affects

Applies to: Technology companies, Manufacturers
Geographic scope: National (US)

Taxonomy

Primary area: Cybersecurity
Operational domain: IT Security
Topics: Vulnerability Management, Software Security
