SolarWinds Web Help Desk XML External Entity Injection (XXE) Vulnerability 

(CVE-2025-26400)

Summary

SolarWinds Web Help Desk was reported to be affected by an XML External Entity Injection (XXE) vulnerability that could lead to information disclosure. A valid, low-privilege access is required unless the attacker had access to the local server to modify configuration files.

Affected Products

SolarWinds Web Help Desk 12.8.6 and all previous versions

Fixed Software Release

SolarWinds Web Help Desk 12.8.7

Acknowledgments

DieuLink, Nhiephon and chung96vn from GCSC Vietnam

Advisory Detail

Severity

5.3 Medium

Advisory ID

First Published

07/29/2025