PatchSiren cyber security CVE debrief
CVE-2025-26399 SolarWinds CVE debrief
CVE-2025-26399 is a SolarWinds Web Help Desk deserialization of untrusted data vulnerability that CISA has added to its Known Exploited Vulnerabilities catalog. Because it is officially flagged as known exploited, organizations should treat it as an urgent remediation item and follow the vendor guidance referenced by CISA.
- Vendor: SolarWinds
- Product: Web Help Desk
- CVSS: Unknown
- CISA KEV: Listed
- Original CVE published: 2026-03-09
- Original CVE updated: 2026-03-09
- Advisory published: 2026-03-09
- Advisory updated: 2026-03-09
Who should care
Organizations that run SolarWinds Web Help Desk, especially teams responsible for patching, application security, and incident response. This is also important for asset owners who need to confirm whether the product is in use and whether mitigations or updates have been applied.
Technical summary
The issue is described as a deserialization of untrusted data vulnerability in SolarWinds Web Help Desk. CISA identifies it as actively exploited and links to the SolarWinds security advisory, related Web Help Desk release notes, and the NVD record. No CVSS score was provided in the supplied source corpus.
Defensive priority
Urgent
Recommended defensive actions
- Review the SolarWinds security advisory referenced by CISA for CVE-2025-26399 and apply the vendor-recommended mitigations or updates.
- If mitigations are unavailable, discontinue use of the product as directed by CISA.
- For cloud services where applicable, follow BOD 22-01 guidance and verify that any required compensating controls are in place.
- Confirm whether SolarWinds Web Help Desk is deployed anywhere in your environment, including test or secondary instances.
- Prioritize validation of remediation status before the CISA due date associated with this KEV entry.
Evidence notes
CISA’s Known Exploited Vulnerabilities catalog lists CVE-2025-26399 for SolarWinds Web Help Desk with dateAdded 2026-03-09 and dueDate 2026-03-12. The supplied CISA metadata states the required action is to apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. CISA also cites the SolarWinds advisory, Web Help Desk release notes, and the NVD detail page as supporting references.
Official resources
- CVE-2025-26399 CVE record (CVE.org)
- CVE-2025-26399 NVD detail (NVD)
- CISA Known Exploited Vulnerabilities catalog (CISA): Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Source item URL: cisa_kev
CISA KEV entry published 2026-03-09. Vendor advisory and Web Help Desk release notes are referenced by CISA in the supplied source metadata.