SolarWinds Web Help Desk Security Control Bypass Vulnerability 

(CVE-2025-40536)

Download PDF

Summary

SolarWinds Web Help Desk was found to be susceptible to a security control bypass vulnerability that if exploited, could allow an unauthenticated attacker to gain access to certain restricted functionality.

Affected Products

SolarWinds Web Help Desk 12.8.8 HF1 and all previous versions

Fixed Software Release

SolarWinds Web Help Desk 2026.1

Acknowledgments

Jimi Sebree working with Horizon3.ai

Advisory Details

Severity

8.1 High

Advisory ID

First Published

01/28/2026

Fixed Version

CVSS Score