SolarWinds Web Help Desk was found to be susceptible to an authentication bypass vulnerability that, if exploited, could allow an attacker to invoke specific actions within Web Help Desk.
The vulnerability results from improper user identity verification in the Web Help Desk application. An attacker, operating remotely without authentication and without any interaction from the victim, can trigger specific actions within the system. The attack vector is network-based (AV:N), attack complexity is low (AC:L), meaning exploitation of this vulnerability does not require specialized knowledge or special conditions.
Successful exploitation of this vulnerability may allow an attacker to perform unauthorized operations in the SolarWinds Web Help Desk system, potentially leading to breaches of confidentiality, integrity, and availability of data managed by the helpdesk system.
Apply patches available from the vendor according to references — update SolarWinds Web Help Desk to the version described in WHD 2026-1 release notes available at: https://documentation.solarwinds.com/en/success_center/whd/content/release_notes/whd_2026-1_release_notes.htm
SolarWinds Web Help Desk — specific vulnerable versions indicated in vendor references (WHD 2026-1 release notes and SolarWinds advisory)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HSolarwinds Web Help Desk
APPSolarwinds< 2026.1
Related vulnerabilities
RCE przez deserializację w SolarWinds Web Help Desk — bez uwierzytelnienia
RCE przez deserializację AjaxProxy w SolarWinds Web Help Desk (nieuwierzytelniony)
SolarWinds Web Help Desk – hardcoded credential umożliwia zdalny dostęp
RCE przez Java Deserialization w SolarWinds Web Help Desk
SolarWinds Web Help Desk — pominięcie uwierzytelnienia (Auth Bypass)