CVE-2025-26399

CVE Database · CVE-2025-26399

CVE-2025-26399

· CRITICALAnalyzed

CVSS v3.1

9.8

EPSS

88.53%

Published

Sep 23, 2025

Modified

Mar 10, 2026

CISA Known Exploited Vulnerability

Added: 2026-03-09 · Due: 2026-03-12

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Public PoC / Exploit (2)

All weaponized →

TrickestTrickest PoC index GitHub PoCrxerium/CVE-2025-26399★2

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

SolarWinds Web Help Desk was found to be susceptible to an unauthenticated AjaxProxy deserialization remote code execution vulnerability that, if exploited, would allow an attacker to run commands on the host machine. This vulnerability is a patch bypass of CVE-2024-28988, which in turn is a patch bypass of CVE-2024-28986.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Weaknesses (CWE)

CWE-502CWE-502

Affected Products (2)

solarwinds · web_help_deskvulnerable

References (4)

https://documentation.solarwinds.com/en/success_center/whd/content/release_notes/whd_12-8-7-hotfix-1_release_notes.htm

Release Notes

https://www.solarwinds.com/trust-center/security-advisories/CVE-2025-26399

PatchVendor Advisory

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-26399

US Government Resource

https://www.microsoft.com/en-us/security/blog/2026/02/06/active-exploitation-solarwinds-web-help-desk/

Third Party Advisory

KEV Catalog EPSS Scores Vendors All CVEs