SolarWinds Web Help Desk XML External Entity Injection (XXE) Vulnerability
(CVE-2025-26400)
Summary
SolarWinds Web Help Desk was reported to be affected by an XML External Entity Injection (XXE) vulnerability that could lead to information disclosure. A valid, low-privilege access is required unless the attacker had access to the local server to modify configuration files.
Affected Products
SolarWinds Web Help Desk 12.8.6 and all previous versions
Fixed Software Release
SolarWinds Web Help Desk 12.8.7
Acknowledgments
DieuLink, Nhiephon and chung96vn from GCSC Vietnam
Advisory Detail
Severity
5.3 Medium
Advisory ID
First Published
07/29/2025