SolarWinds Web Help Desk Deserialization of Untrusted Data Vulnerability
Release Date: 09th of March 2026
Impact: HIGH / CRITICAL
TLP Rating: Clear
CERT Vanuatu (CERTVU) and the Department of Communication and Digital Transformation (DCDT) provide the following advisory.
This alert is relevant to Organizations and System/Network administrators that utilize the above products. This alert is intended to be understood by technical users and systems administrators.
What is it?
CVE-2025-26399 is a critical remote code execution (RCE) vulnerability affecting the SolarWinds Web Help Desk platform. The vulnerability arises from deserialization of untrusted data (CWE-502) in the AjaxProxy component, which fails to properly validate user-supplied input before processing it.
What are the Systems affected?
The vulnerability affects installations of:
- SolarWinds Web Help Desk
- Version 12.8.7 and earlier releases of the software.
What does this mean?
Attackers exploit the vulnerability through malicious serialized data sent to the AjaxProxy endpoint of the application.
Mitigation process
CERTVU recommends the following:
- Apply Vendor Security Updates:
  - SolarWinds Web Help Desk 12.8.7 Hotfix 1 (HF1) or later.
- Restrict External Access (If immediate patching is not possible):
  - Limit Web Help Desk access to internal networks or VPN only.
  - Block public access via firewall rules.
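One way to confirm the access restriction is holding is to review the web access logs for AjaxProxy requests from outside the permitted networks. The script below is an added example, not part of the CERTVU advisory or any SolarWinds tooling. It assumes combined-format access logs and that the component name appears in the request URI; the allowed networks, function names and sample log lines are constructed for illustration.

```python
import ipaddress
import re

# Assumption: networks permitted to reach Web Help Desk (internal ranges / VPN pool).
ALLOWED_NETS = [ipaddress.ip_network(n)
                for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Common/combined access-log prefix: client IP, timestamp, request line, status.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<uri>\S+)[^"]*" (?P<status>\d{3})'
)

def is_allowed(ip_text):
    """True only if the client address parses and sits in an allowed network."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return False  # unparseable client field: treat as external
    return any(ip in net for net in ALLOWED_NETS)

def external_ajaxproxy_hits(lines):
    """Return (ip, timestamp, method, status) for AjaxProxy requests
    that came from outside ALLOWED_NETS."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not an access-log line in the expected format
        if "ajaxproxy" in m["uri"].lower() and not is_allowed(m["ip"]):
            hits.append((m["ip"], m["ts"], m["method"], m["status"]))
    return hits

# Constructed sample lines (documentation address ranges, placeholder URI paths).
SAMPLE_LOG = [
    '10.1.2.3 - - [09/Mar/2026:10:00:01 +0000] "GET /helpdesk/example/AjaxProxy HTTP/1.1" 200 512',
    '203.0.113.45 - - [09/Mar/2026:10:02:17 +0000] "POST /helpdesk/example/AjaxProxy HTTP/1.1" 500 0',
    '198.51.100.7 - - [09/Mar/2026:10:03:40 +0000] "GET /helpdesk/login HTTP/1.1" 200 2048',
    '198.51.100.7 - - [09/Mar/2026:10:04:02 +0000] "POST /helpdesk/example/ajaxproxy?x=1 HTTP/1.1" 403 0',
]

if __name__ == "__main__":
    for ip, ts, method, status in external_ajaxproxy_hits(SAMPLE_LOG):
        print(f"external AjaxProxy request: {ip} [{ts}] {method} -> {status}")
```

Any hit after the firewall change means the service is still reachable from outside the allowed networks and the rule set should be rechecked.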
References
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog
- https://www.cve.org/CVERecord?id=CVE-2025-26399