SolarWinds warns of critical Web Help Desk RCE, auth bypass flaws
2026-01-28
SolarWinds has released security updates to patch critical authentication bypass and remote command execution vulnerabilities in its Web Help Desk IT help desk software. [...]
SolarWinds has released security updates to patch critical authentication bypass and remote command execution vulnerabilities in its Web Help Desk IT help desk software.
The authentication bypass security flaws (tracked as CVE-2025-40552 and CVE-2025-40554) patched today by SolarWinds were reported by watchTowr's Piotr Bazydlo and can be exploited by remote unauthenticated threat actors in low-complexity attacks.