CISA Adds Actively Exploited SolarWinds Web Help Desk RCE to KEV Catalog

Staff Editor 2026-02-04
CISA Adds Actively Exploited SolarWinds Web Help Desk RCE to KEV Catalog

CISA Adds Actively Exploited SolarWinds Web Help Desk RCE to KEV Catalog

https://thehackernews.com/2026/02/cisa-adds-actively-exploited-solarwinds.html

Publish Date: 2026-02-04 00:50:00

Source Domain: thehackernews.com

Ravie LakshmananFeb 04, 2026Software Security / Vulnerability

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a critical security flaw impacting SolarWinds Web Help Desk (WHD) to its Known Exploited Vulnerabilities (KEV) catalog, flagging it as actively exploited in attacks.

The vulnerability, tracked as CVE-2025-40551 (CVSS score: 9.8), is a untrusted data deserialization vulnerability that could pave the way for remote code execution.

“SolarWinds Web Help Desk contains a deserialization of untrusted data vulnerability that could lead to remote code execution, which would allow an attacker to run commands on the host machine,” CISA said. “This could be exploited without authentication.”

SolarWinds issued fixes for the flaw last week, along with CVE-2025-40536 (CVSS score: 8.1), CVE-2025-40537 (CVSS score: 7.5), CVE-2025-40552 (CVSS score: 9.8), CVE-2025-40553 (CVSS score: 9.8), and CVE-2025-40554 (CVSS score: 9.8), in WHD version 2026.1.

There are currently no public reports about how the vulnerability is being weaponized in attacks, who may be the targets, or the scale of such efforts. It’s the latest illustration of how quickly threat actors are moving to exploit newly disclosed flaws.

Also added to the KEV catalog are three other vulnerabilities –

  • CVE-2019-19006 (CVSS score: 9.8) – An improper authentication vulnerability in Sangoma FreePBX that potentially allows unauthorized users to bypass password authentication and access services provided by the FreePBX administrator
  • CVE-2025-64328 (CVSS score: 8.6) – An operating system command injection vulnerability in Sangoma FreePBX that could allow for a post-authentication command injection by an authenticated known user via the testconnection – check_ssh_connect() function and potentially obtain remote access to the system as an asterisk user
  • CVE-2021-39935 (CVSS score: 7.5/6.8) – A server-side request forgery (SSRF) vulnerability in GitLab Community and Enterprise…

Source

More Stories

Free Apps Are Quietly Turning Smart TVs Into Web-Scraping Proxies for AI

Free Apps Are Quietly Turning Smart TVs Into Web-Scraping Proxies for AI

Staff Editor 2026-06-06
AI Agent Uncovers 21 Zero-Days in FFmpeg; Chrome Patches Record 429 Bugs

AI Agent Uncovers 21 Zero-Days in FFmpeg; Chrome Patches Record 429 Bugs

Staff Editor 2026-06-06
Miasma Worm Hits 73 Microsoft GitHub Repositories in Major Supply Chain Attack

Miasma Worm Hits 73 Microsoft GitHub Repositories in Major Supply Chain Attack

Staff Editor 2026-06-06

Terms and Conditions - Privacy Policy