Actively Exploited in the Wild

This vulnerability is being actively exploited in the wild.

Primary

Context

SolarWinds Web Help Desk Untrusted Data Deserialization Remote Code Execution Vulnerability

Vulnerability

Exploited

Patched

A remote code execution vulnerability has been identified in SolarWinds Web Help Desk. This issue arises from an untrusted data deserialization vulnerability that could allow an attacker to execute commands on the host machine. The vulnerability can be exploited without authentication.

Impact

Exploitation of this vulnerability allows for remote code execution on the host machine.

Remediation

Users can upgrade to SolarWinds Web Help Desk version 2026.1 or later, where this vulnerability has been addressed. For instructions on upgrading, see the WHD Installation and Upgrade Guide.

Added: Jan 28, 2026, 8:24 AM

Updated: Feb 3, 2026, 7:17 PM

Vulnerability Rating

Custom Algorithm

spread

5.0

impact

2.5

exploitability

8.5

remediation

7.7

relevance

2.4

threat

9.7

urgency

2.9

incentive

4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

5.0

impact

2.5

exploitability

8.5

remediation

7.7

relevance

2.4

threat

9.7

urgency

2.9

incentive

4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Actively Exploited in the Wild

SolarWinds Web Help Desk Untrusted Data Deserialization Remote Code Execution Vulnerability

Vulnerability

Impact

Remediation

Affected Products

SolarWinds Web Help Desk

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating