{"id":185369,"date":"2026-02-05T14:19:00","date_gmt":"2026-02-05T19:19:00","guid":{"rendered":"https:\/\/testing.news-you-need.com\/index.php\/2026\/02\/05\/critical-flaw-in-solarwinds-web-help-desk-under-exploitation\/"},"modified":"2026-02-07T10:55:29","modified_gmt":"2026-02-07T15:55:29","slug":"critical-flaw-in-solarwinds-web-help-desk-under-exploitation","status":"publish","type":"post","link":"https:\/\/testing.news-you-need.com\/index.php\/2026\/02\/05\/critical-flaw-in-solarwinds-web-help-desk-under-exploitation\/","title":{"rendered":"Critical flaw in SolarWinds Web Help Desk under exploitation"},"content":{"rendered":"<p><a href=\"https:\/\/www.cybersecuritydive.com\/news\/critical-flaw-solarwinds-web-help-desk-exploitation\/811487\/\">Critical flaw in SolarWinds Web Help Desk under exploitation<\/a><\/p>\n<p><a href=\"https:\/\/www.cybersecuritydive.com\/news\/critical-flaw-solarwinds-web-help-desk-exploitation\/811487\/\">https:\/\/www.cybersecuritydive.com\/news\/critical-flaw-solarwinds-web-help-desk-exploitation\/811487\/<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-02-05 14:19:00<\/a><\/p>\n<p>Source Domain: <a href=\"www.cybersecuritydive.com\">www.cybersecuritydive.com<\/a><\/p>\n<p>Author: <a href=\"\"><\/a><\/p>\n<p>A critical vulnerability in SolarWinds Web Help Desk is facing exploitation activity, about a week after the security flaw was disclosed.\u00a0<br \/>\nThe vulnerability, tracked as CVE-2025-40551, involves deserialization of untrusted data and enables an attacker to achieve remote code execution. This would allow an attacker to execute commands on a host machine. 
The vulnerability has a severity score of 9.8.<br \/>\nThe Cybersecurity and Infrastructure Security Agency on Tuesday added the flaw to its Known Exploited Vulnerabilities catalog.\u00a0<br \/>\nResearchers at Shadowserver Foundation on Thursday reported about 170 vulnerable IPs.<br \/>\nThe problem results from unsafe handling of attacker-controlled Java objects within Ajax Java functionality, according to researchers at Horizon3.ai.<br \/>\nThe vulnerability is one of four critical flaws in the product. SolarWinds issued an advisory on Jan. 28, asking users to upgrade to a patched version.\u00a0<\/p>\n<p>The security risk is considered important to enterprise users because Web Help Desk is used for IT ticketing and asset management, according to a blog released by Rapid7. An attack could affect a company\u2019s incident response and access control capabilities.<br \/>\nSolarWinds said it is aware of the reported issues related to the vulnerability, and confirmed they were addressed in the WHD 2026.1 release.\u00a0<br \/>\n\u201cUpdates and patches are available, and we recommend customers apply them promptly,\u201d the company told Cybersecurity Dive via email. 
\u201cBased on our review, we have not observed widespread exploitation, and we are continuing to monitor the situation and partner with customers closely.\u201d<br \/>\nEditor\u2019s note: Updates with comments from SolarWinds.<\/p>\n<p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Critical flaw in SolarWinds Web Help Desk under exploitation https:\/\/www.cybersecuritydive.com\/news\/critical-flaw-solarwinds-web-help-desk-exploitation\/811487\/ Publish Date: 2026-02-05 14:19:00 Source&#8230;<\/p>\n","protected":false},"author":1,"featured_media":185370,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/imgproxy.divecdn.com\/uDDrf4-M6rknsJ_27IWm2GsSWO95uCHcOjEulikEaf0\/g:ce\/rs:fit:770:435\/Z3M6Ly9kaXZlc2l0ZS1zdG9yYWdlL2RpdmVpbWFnZS9HZXR0eUltYWdlcy0xMzQzNDk5MjAzLmpwZw==.webp","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[26,24,27],"class_list":["post-185369","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-ai","tag-cybersecurity","tag-vulnerability"],"_links":{"self":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/185369"}],"collection":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=185369"}],"version-history":[{"count":1,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/185369\/revisions"}],"predecessor-version":[{"id":185371,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/185369\/revisions\/185371"}],"wp:featuredmedia":[{"embeddable":true,"href":"h
ttps:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/185370"}],"wp:attachment":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=185369"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=185369"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=185369"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}