www.cisa.gov 3/9/2026, 9:28:56 PM

CISA KEV flags CVE-2025-26399 in SolarWinds Web Help Desk

CyberSIXT Evidence Panel
Primary Source: solarwinds.com
CISA KEV: Listed in KEV
Patch: Patch Available

According to CISA, the Known Exploited Vulnerabilities (KEV) Catalog currently lists a single entry: SolarWinds Web Help Desk, with CVE-2025-26399. The vulnerability is a deserialization of untrusted data in the AjaxProxy component, which could allow an attacker to execute commands on the host machine. The entry records known use in ransomware campaigns as Unknown.

In response, the recommended actions are to apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. The record shows the Date Added as 9 March 2026 and a Due Date of 12 March 2026. Additional notes provide links to SolarWinds trust centre security advisories, release notes for WHD, and the NVD page for CVE-2025-26399. This KEV entry is part of the authoritative resource used by organisations to prioritise vulnerability management and exploitation risk.


Article by CyberSIXT