SolarWinds Web Help Desk was found to be susceptible to an untrusted data deserialization vulnerability that could lead to remote code execution, which would allow an attacker to run commands on the host machine. This could be exploited without authentication.
The vulnerability is classified as CWE-502 (Deserialization of Untrusted Data) and involves the application processing input data supplied by an attacker without proper verification of its security during deserialization. An attacker can craft a malicious payload and send it to the vulnerable endpoint without needing to possess any credentials. Processing such a payload leads to execution of arbitrary commands on the server hosting the application.
An attacker can gain the ability to execute arbitrary commands remotely on the server (RCE), which in practice means complete takeover of the system, including access to sensitive data, modification of resources, and potential lateral movement within the internal network.
SolarWinds Web Help Desk should be updated immediately to version 2026.1 or later, in accordance with information contained in the official release notes and SolarWinds security bulletin. Due to active exploitation (CISA KEV), the update should be performed immediately. Until the patch is deployed, it is recommended to restrict access to the application only to trusted networks or IP addresses.
SolarWinds Web Help Desk — versions indicated in the vendor's references (patch available in WHD 2026.1 according to the vendor's release notes)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HSolarwinds Web Help Desk
APPSolarwinds< 2026.1
CISA KEV — detailsi
- Vendori
- SolarWinds
- Producti
- Web Help Desk
- Added to KEVi
- February 3, 2026
- Remediation deadline (US Federal)i
- February 6, 2026(overdue)
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
SolarWinds Web Help Desk contains a deserialization of untrusted data vulnerability that could lead to remote code execution, which would allow an attacker to run commands on the host machine. This could be exploited without authentication.
Related vulnerabilities
RCE przez deserializację AjaxProxy w SolarWinds Web Help Desk (nieuwierzytelniony)
SolarWinds Web Help Desk – hardcoded credential umożliwia zdalny dostęp
RCE przez Java Deserialization w SolarWinds Web Help Desk
SolarWinds Web Help Desk — pominięcie uwierzytelnienia (Auth Bypass)
SolarWinds Web Help Desk — zdalne wykonanie kodu przez niebezpieczną deserializację