SolarWinds — Vulnerabilities & Security Advisories 166

Browse all 166 CVE security advisories affecting SolarWinds. AI-powered Chinese analysis, POCs, and references for each vulnerability.

SolarWinds provides IT management and monitoring software, primarily serving enterprise networks through its Orion platform. Historically, its applications have exhibited vulnerabilities typical of complex enterprise suites, including remote code execution, cross-site scripting, and privilege escalation flaws. These weaknesses often stem from intricate integration points and legacy codebases. The most significant security incident occurred in 2020, when a supply chain attack compromised the software’s update mechanism, allowing threat actors to insert malicious code into legitimate updates. This breach affected numerous government agencies and private corporations, exposing sensitive data and compromising network integrity. The incident highlighted critical risks in software supply chains and led to widespread scrutiny of the company’s development and security practices. Consequently, SolarWinds has implemented stricter security controls and transparency measures to restore trust and mitigate future risks associated with its widely deployed infrastructure tools.

CVE ID	Title	CVSS	Severity	Published
CVE-2025-40554	SolarWinds Web Help Desk Authentication Bypass Vulnerability — Web Help DeskCWE-1390	9.8	Critical	2026-01-28
CVE-2025-40553	SolarWinds Web Help Desk Deserialization of Untrusted Data Remote Code Execution Vulnerability — Web Help DeskCWE-502	9.8	Critical	2026-01-28
CVE-2025-40552	SolarWinds Web Help Desk Authentication Bypass Vulnerability — Web Help DeskCWE-1390	9.8	Critical	2026-01-28
CVE-2025-40551	SolarWinds Web Help Desk Deserialization of Untrusted Data Remote Code Execution Vulnerability — Web Help DeskCWE-502	9.8	Critical	2026-01-28
CVE-2025-40537	SolarWinds Web Help Desk Hardcoded Credentials Vulnerability — Web Help DeskCWE-798	7.5	High	2026-01-28
CVE-2025-40536	SolarWinds Web Help Desk Security Control Bypass Vulnerability — Web Help DeskCWE-693	8.1	High	2026-01-28
CVE-2025-26399	SolarWinds Web Help Desk Deserialization of Untrusted Data Privilege Escalation Vulnerability — Web Help DeskCWE-502	9.8	Critical	2025-09-23
CVE-2024-28988	SolarWinds Web Help Desk Java Deserialization Remote Code Execution Vulnerability — Web Help DeskCWE-502	9.8	Critical	2025-09-01
CVE-2025-26400	SolarWinds Web Help Desk XML External Entity Injection (XXE) Vulnerability — Web Help DeskCWE-611	5.3	Medium	2025-07-29
CVE-2024-28989	SolarWinds Web Help Desk Cryptographic Key Management Vulnerability — Web Help DeskCWE-321	5.5	Medium	2025-02-11
CVE-2024-45709	SolarWinds Web Help Desk Local File Read Vulnerability — Web Help DeskCWE-22	5.3	Medium	2024-12-10
CVE-2024-28987	SolarWinds Web Help Desk Hardcoded Credential Vulnerability — Web Help DeskCWE-798	9.1	Critical	2024-08-21
CVE-2024-28986	SolarWinds Web Help Desk Java Deserialization Remote Code Execution Vulnerability — Web Help DeskCWE-502	9.8	Critical	2024-08-13
CVE-2021-35251	Sensitive Data Disclosure Vulnerability — Web Help DeskCWE-209	5.3	Medium	2022-03-09
CVE-2021-35232	Hard credentials discovered in SolarWinds Web Help Desk which allows to execute Arbitrary Hibernate Queries — Web Help DeskCWE-798	6.8	Medium	2021-12-27
CVE-2021-35243	HTTP PUT & DELETE Methods Enabled — Web Help DeskCWE-749	5.3	Medium	2021-12-23
CVE-2021-32076	Access Restriction bypass vulnerability via referrer spoof - Business Logic Bypass — Web Help DeskCWE-290	5.3	Medium	2021-08-26

This page lists every published CVE security advisory associated with SolarWinds. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.

Goal Reached Thanks to every supporter — we hit 100%!

SolarWinds — Vulnerabilities & Security Advisories 166