Which software is vulnerable
- SolarWinds Web Help Desk (WHD) installations exposed to the internet are actively being exploited via remote code execution. Exploitation has been observed in the wild and across Huntress telemetry.
- Versions prior to 2026.1 are affected
- CVEs: CVE-2025-40551, CVE-2025-40536, and CVE-2025-26399
How do I mitigate against this threat
- Apply the latest SolarWinds WHD patch (version 2026.1 or later).
- Rotate credentials for service and admin accounts reachable from WHD
- Remove public internet access to admin paths for WHD
Can Huntress detect if I am compromised?
- Yes. Huntress has detections to detect post-exploit tradecraft, stemming from compromised instances of SolarWinds Web Help Desk
How do I know if we are vulnerable?
- All previous versions of SolarWinds Web Help Desk prior to 12.8.7 HF1 are vulnerable to these vulnerabilities.
You can find the version of your SolarWinds WHD at this path: C:\Program Files\WebHelpDesk\version.txt
I have more specific questions on SolarWinds Web Help Desk
- Contact SolarWinds customer support for product-specific guidance.
- https://documentation.solarwinds.com/en/success_center/whd/content/release_notes/whd_2026-1_release_notes.htm