SolarWinds Releases Patches for Four Critical Web Help Desk Vulnerabilities

SolarWinds has released patches for four critical vulnerabilities affecting SolarWinds Web Help Desk, including flaws that allow authentication bypass and unauthenticated remote code execution (RCE). Among these, CVE-2025-40536 (CVSS score 8.1) is a security control bypass vulnerability exploitable by an unauthenticated attacker. Security updates were released in January 2026 to address these risks. Full technical details of the other vulnerabilities are not specified in the excerpt.