CVE-2025-40536

HighCISA KEVActive Exploitation

Published: 28 January 2026

Published

28 January 2026

Modified

13 February 2026

KEV Added

12 February 2026

Patch

—

CVSS Score 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Score 0.6891 98.6th percentile

Risk Priority 78 60% EPSS · 20% KEV · 20% CVSS

Description

SolarWinds Web Help Desk was found to be susceptible to a security control bypass vulnerability that if exploited, could allow an unauthenticated attacker to gain access to certain restricted functionality.

Mitigating Controls (NIST 800-53 r5)AI

SI-2 Flaw Remediation good match

prevent

Requires timely identification, reporting, and correction of software flaws like this security control bypass via vendor-recommended patches for SolarWinds Web Help Desk.

AC-3 Access Enforcement partial match

prevent

Mandates enforcement of approved authorizations for logical access to system resources, directly countering the bypass of security controls for restricted functionality.

SC-7 Boundary Protection partial match

prevent

Monitors and controls communications at external boundaries to block or limit unauthenticated network access required to exploit this vulnerability.

Security SummaryAI

SolarWinds Web Help Desk is affected by CVE-2025-40536, a security control bypass vulnerability classified under CWE-693 (Protection Mechanism Failure). Published on January 28, 2026, the issue carries a CVSS v3.1 base score of 8.1 (AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating high severity due to potential high impacts on confidentiality, integrity, and availability despite requiring high attack complexity.

An unauthenticated attacker with network access can exploit this vulnerability without user interaction. Successful exploitation allows the attacker to bypass security controls and gain access to certain restricted functionality within SolarWinds Web Help Desk.

SolarWinds has published mitigation details in their security advisory at https://www.solarwinds.com/trust-center/security-advisories/CVE-2025-40536 and release notes for Web Help Desk 2026.1 at https://documentation.solarwinds.com/en/success_center/whd/content/release_notes/whd_2026-1_release_notes.htm, recommending upgrades to patched versions.

The vulnerability appears in the CISA Known Exploited Vulnerabilities Catalog at https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-40536, signaling real-world exploitation, with additional reports of active exploitation in related SolarWinds Web Help Desk vulnerabilities documented by Huntress at https://www.huntress.com/blog/active-exploitation-solarwinds-web-help-desk-cve-2025-26399.

Details

CWE(s): CWE-693
KEV Date Added: 12 February 2026

Affected Products

solarwinds

web help desk

≤ 2026.1

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access

Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

attack.mitre.org →

Why these techniques?

The vulnerability allows unauthenticated network access to bypass security controls in a public-facing web application (SolarWinds Web Help Desk), directly enabling exploitation of public-facing applications.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

References

https://documentation.solarwinds.com/en/success_center/whd/content/release_notes/whd_2026-1_release_notes.htm
Release Notes · psirt@solarwinds.com
https://www.solarwinds.com/trust-center/security-advisories/CVE-2025-40536
Vendor Advisory · psirt@solarwinds.com
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-40536
US Government Resource · 134c704f-9b21-4f2e-91b3-4a467353bcc0
https://www.huntress.com/blog/active-exploitation-solarwinds-web-help-desk-cve-2025-26399
Third Party Advisory · 134c704f-9b21-4f2e-91b3-4a467353bcc0