Known exploited
SolarWinds
CVE published 2026-02-12
CVE-2025-40536
CVE-2025-40536 is a SolarWinds Web Help Desk security control bypass vulnerability that CISA added to its Known Exploited Vulnerabilities (KEV) catalog on 2026-02-12. KEV inclusion means CISA has determined the issue is being actively exploited or has been exploited in the wild. Organizations using Web Help Desk should treat this as a high-priority remediation item and follow vendor instructions immediately.