Another round of critical Web Help Desk flaws highlights how SolarWinds’ legacy code and past breaches continue to haunt IT and security leaders.

CSO Online offers insights into cybersecurity, risk management, and IT leadership, providing articles, reports, and expert analysis to help security professionals navigate the evolving threat landscape and protect their organizations from cyber attacks. By exploring CSO Online's curated content, CISOs, security managers, and IT executives can learn about threat intelligence, security frameworks, and incident response strategies for building resilient cybersecurity programs. Whether you're defending against ransomware, phishing attacks, or insider threats, CSO Online offers resources to strengthen your security posture and safeguard your digital assets.

CSO Online

SolarWinds has disclosed six critical vulnerabilities in its Web Help Desk software, including four critical-rated remote code execution and authentication bypass flaws (CVE scores up to 9.8). The vulnerabilities allow attackers to bypass authentication, execute remote commands, and access restricted functionality without credentials. Security researchers from watchTowr and Horizon3.ai discovered the flaws, which are particularly concerning given WHD's history of active exploitation and SolarWinds' past security incidents. Organizations are urged to immediately upgrade to Web Help Desk 2026.1, as the deserialization and authentication logic flaws are highly reliable to exploit and could enable attackers to gain full system control and move laterally across networks.

SolarWinds, again: Critical RCE bugs reopen old wounds for enterprise security teams