Solarwinds Web Help Desk
18 CVEs affecting Solarwinds Web Help Desk. Latest disclosed: 2026-06-02. Critical: 8, High: 3.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2025-40554 | Critical | 9.8 | 2026-01-28 | SolarWinds Web Help Desk was found to be susceptible to an authentication bypass vulnerability that, if exploited, could allow an attacker to invoke specific a… |
CVE-2025-40553 | Critical | 9.8 | 2026-01-28 | SolarWinds Web Help Desk was found to be susceptible to an untrusted data deserialization vulnerability that could lead to remote code execution, which would a… |
CVE-2025-40552 | Critical | 9.8 | 2026-01-28 | SolarWinds Web Help Desk was found to be susceptible to an authentication bypass vulnerability that if exploited, would allow a malicious actor to execute acti… |
CVE-2025-40551 | Critical | 9.8 | 2026-01-28 | SolarWinds Web Help Desk was found to be susceptible to an untrusted data deserialization vulnerability that could lead to remote code execution, which would a… |
CVE-2025-26399 | Critical | 9.8 | 2025-09-23 | SolarWinds Web Help Desk was found to be susceptible to an unauthenticated AjaxProxy deserialization remote code execution vulnerability that, if exploited, wo… |
CVE-2024-28988 | Critical | 9.8 | 2025-09-01 | SolarWinds Web Help Desk was found to be susceptible to a Java Deserialization Remote Code Execution vulnerability that, if exploited, would allow an attacker… |
CVE-2024-28986 | Critical | 9.8 | 2024-08-13 | SolarWinds Web Help Desk was found to be susceptible to a Java Deserialization Remote Code Execution vulnerability that, if exploited, would allow an attacker… |
CVE-2024-28987 | Critical | 9.1 | 2024-08-21 | The SolarWinds Web Help Desk (WHD) software is affected by a hardcoded credential vulnerability, allowing remote unauthenticated user to access internal functi… |
CVE-2026-28299 | High | 8.2 | 2026-06-02 | SolarWinds Web Help Desk is found to be affected by a denial-of-service vulnerability, which when exploited, could cause the Web Help Desk server to crash due… |
CVE-2025-40536 | High | 8.1 | 2026-01-28 | SolarWinds Web Help Desk was found to be susceptible to a security control bypass vulnerability that if exploited, could allow an unauthenticated attacker to g… |
CVE-2025-40537 | High | 7.5 | 2026-01-28 | SolarWinds Web Help Desk was found to be susceptible to a hardcoded credentials vulnerability that, under certain situations, could allow access to administrat… |
CVE-2021-35232 | Medium | 6.8 | 2021-12-27 | Hard coded credentials discovered in SolarWinds Web Help Desk product. Through these credentials, the attacker with local access to the Web Help Desk host mach… |
CVE-2024-28989 | Medium | 5.5 | 2025-02-11 | SolarWinds Web Help Desk was found to have a hardcoded cryptographic key that could allow the disclosure of sensitive information from the software. |
CVE-2025-26400 | Medium | 5.3 | 2025-07-29 | SolarWinds Web Help Desk was reported to be affected by an XML External Entity Injection (XXE) vulnerability that could lead to information disclosure. A valid… |
CVE-2024-45709 | Medium | 5.3 | 2024-12-10 | SolarWinds Web Help Desk was susceptible to a local file read vulnerability. This vulnerability requires the software be installed on Linux and configured to… |
CVE-2021-35251 | Medium | 5.3 | 2022-03-09 | Sensitive information could be displayed when a detailed technical error message is posted. This information could disclose environmental details about the Web… |
CVE-2021-35243 | Medium | 5.3 | 2021-12-23 | The HTTP PUT and DELETE methods were enabled in the Web Help Desk web server (12.7.7 and earlier), allowing users to execute dangerous HTTP requests. The HTTP… |
CVE-2021-32076 | Medium | 5.3 | 2021-08-26 | Access Restriction Bypass via referrer spoof was discovered in SolarWinds Web Help Desk 12.7.2. An attacker can access the 'Web Help Desk Getting Started Wizar… |