The SolarWinds Web Help Desk (WHD) 2026.1 release, issued on January 28, 2026, patches multiple critical and high-severity flaws discovered by security researchers from Horizon3.ai and watchTowr.
Three of the six vulnerabilities carry a critical CVSS score of 9.8, representing the most severe security risks.
CVE-2025-40551 and CVE-2025-40553 involve deserialization of untrusted data, enabling unauthenticated attackers to execute arbitrary commands on vulnerable host machines.
These remote code execution flaws require no authentication, making them particularly dangerous for exposed WHD installations.
| CVE ID | Vulnerability Type | CVSS Score | Severity | Researcher Credit |
|---|---|---|---|---|
| CVE-2025-40551 | Deserialization RCE | 9.8 | Critical | Jimi Sebree (Horizon3.ai) |
| CVE-2025-40552 | Authentication Bypass | 9.8 | Critical | Piotr Bazydlo (watchTowr) |
| CVE-2025-40553 | Deserialization RCE | 9.8 | Critical | Piotr Bazydlo (watchTowr) |
| CVE-2025-40554 | Authentication Bypass | 9.8 | Critical | Piotr Bazydlo (watchTowr) |
| CVE-2025-40536 | Security Control Bypass | 8.1 | High | Jimi Sebree (Horizon3.ai) |
| CVE-2025-40537 | Hardcoded Credentials | 7.5 | High | Jimi Sebree (Horizon3.ai) |
Security researcher Jimi Sebree from Horizon3.ai discovered CVE-2025-40551, while Piotr Bazydlo from watchTowr identified CVE-2025-40553.
Both researchers collaborated closely with SolarWinds’ security and engineering teams to remediate the vulnerabilities before public disclosure.
Two critical authentication bypass vulnerabilities compound the security concerns. CVE-2025-40552 and CVE-2025-40554, both discovered by Piotr Bazydlo, enable malicious actors to execute protected actions and invoke specific methods without proper authentication credentials.
These flaws effectively circumvent WHD’s security controls, granting unauthorized access to administrative functions.
Additionally, CVE-2025-40536 is a security control bypass vulnerability with a CVSS score of 8.1.
This high-severity flaw permits unauthenticated attackers to access restricted functionality, further expanding the attack surface for threat actors targeting vulnerable WHD deployments.
The update also resolves CVE-2025-40537, a hardcoded credentials vulnerability rated 7.5 High. Under certain conditions, this flaw could grant access to administrative functions, presenting additional risks for organizations relying on WHD for IT service management.
SolarWinds has implemented NextGen WHD with updated language frameworks and improved security architecture.
The company recommends immediate deployment of the WHD 2026.1 update and urges administrators to create new client accounts linked to admin accounts in production environments rather than using default credentials.
Organizations currently deploying vulnerable versions of WHD should prioritize patching to the 2026.1 release immediately.
The combination of unauthenticated RCE vulnerabilities and authentication bypass flaws creates a critical attack surface that threat actors are likely to exploit rapidly.
Security teams should audit access logs for any suspicious activity and implement network segmentation to limit lateral movement from compromised WHD instances.
The post SolarWinds Web Help Desk Hit by Multiple RCE and Authentication Bypass Vulnerabilities appeared first on Cyber Security News.