CVE-2025-40536
SolarWinds Web Help Desk Security Control Bypass Vulnerability
| CVSS Score | 8.1 |
| EPSS Score | 0.0% |
| EPSS Percentile | 0th |
SolarWinds Web Help Desk was found to be susceptible to a security control bypass vulnerability that, if exploited, could allow an unauthenticated attacker to gain access to certain restricted functionality.
| CWE | CWE-693 |
| Vendor | solarwinds |
| Product | web help desk |
| Published | Jan 28, 2026 |
| Last Updated | Feb 26, 2026 |
⚠️ Actively Exploited
This vulnerability is actively exploited in the wild.
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
| Attack Vector | Network |
| Attack Complexity | High |
| Privileges Required | None |
| User Interaction | None |
| Scope | Unchanged |
| Confidentiality | High |
| Integrity | High |
| Availability | High |
Affected Versions
SolarWinds / Web Help Desk
12.8.8 HF1 and below
References
solarwinds.com: https://www.solarwinds.com/trust-center/security-advisories/CVE-2025-40536
documentation.solarwinds.com: https://documentation.solarwinds.com/en/success_center/whd/content/release_notes/whd_2026-1_release_notes.htm
cisa.gov: https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-40536
huntress.com: https://www.huntress.com/blog/active-exploitation-solarwinds-web-help-desk-cve-2025-26399
Credits
Jimi Sebree working with Horizon3.ai