Primary

Context

SolarWinds Web Help Desk Untrusted Data Deserialization Remote Code Execution Vulnerability

Vulnerability

Patched

A remote code execution vulnerability has been identified in SolarWinds Web Help Desk. This issue arises from an untrusted data deserialization flaw that could allow an attacker to execute commands on the host machine. The vulnerability can be exploited without authentication.

Impact

Exploitation of this vulnerability allows for remote code execution on the host machine where Web Help Desk is running.

Remediation

Users can upgrade to SolarWinds Web Help Desk version 2026.1 or later, where this vulnerability has been fixed. Instructions for downloading the latest version are available on the SolarWinds website and through the Customer Portal.

Added: Jan 28, 2026, 8:23 AM

Updated: Jan 28, 2026, 8:23 AM

Vulnerability Rating

Custom Algorithm

spread

5.0

impact

2.5

exploitability

6.8

remediation

7.7

relevance

2.3

threat

0.3

urgency

2.9

incentive

4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

5.0

impact

2.5

exploitability

6.8

remediation

7.7

relevance

2.3

threat

0.3

urgency

2.9

incentive

4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

SolarWinds Web Help Desk Untrusted Data Deserialization Remote Code Execution Vulnerability

Vulnerability

Impact

Remediation

Affected Products

SolarWinds Web Help Desk

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating