CISA has added CVE-2025-26399 to its Known Exploited Vulnerabilities (KEV) catalogue. The entry covers SolarWinds Web Help Desk and is titled SolarWinds Web Help Desk Deserialization of Untrusted Data Vulnerability: an unauthenticated attacker who can reach the AjaxProxy component can supply a crafted serialized object and run commands on the host.
Technical detail: The flaw is a deserialization of untrusted data weakness (CWE-502) in AjaxProxy. The server deserializes attacker-supplied input without restricting which classes may be instantiated, so a suitable gadget chain on the classpath turns the operation into arbitrary command execution on the host. The CVSS score is 9.8 (Critical). SolarWinds has published a fix in Web Help Desk 12.8.7 Hotfix 1; the issue is a bypass of the patch for CVE-2024-28988, which was itself a bypass of the fix for CVE-2024-28986, so installations that stopped at the 2024 hotfixes remain exposed. Remediation guidance is in the vendor advisory and the NVD entry.
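To make the vulnerability class concrete, the following is an added illustration, not SolarWinds code and not derived from the Web Help Desk implementation. It shows the generic CWE-502 pattern (an endpoint that calls readObject() on a request body) next to the JEP 290 mitigation (an ObjectInputFilter allow-list, Java 9 and later). The class names DeserializationDemo, Ticket and Gadget and the filter pattern are invented for this example; the Gadget class only prints a line, whereas a real gadget chain reaches Runtime.exec through the same readObject() hook.

```java
import java.io.*;

// Generic illustration of CWE-502 and its mitigation. Not SolarWinds code;
// all class names are invented for this example.
public class DeserializationDemo {

    // The legitimate object type the endpoint is meant to accept.
    static final class Ticket implements Serializable {
        private static final long serialVersionUID = 1L;
        final int id;
        final String subject;
        Ticket(int id, String subject) { this.id = id; this.subject = subject; }
    }

    // Stand-in for a gadget: any Serializable class on the classpath whose
    // readObject() runs logic while the stream is being read. A real gadget
    // chain reaches Runtime.exec from here; this toy version only prints.
    static final class Gadget implements Serializable {
        private static final long serialVersionUID = 1L;
        private void readObject(ObjectInputStream in) throws IOException, ClassNotFoundException {
            in.defaultReadObject();
            System.out.println("[!] attacker-controlled readObject() ran during deserialization");
        }
    }

    // VULNERABLE: instantiates whatever class the client put in the stream.
    static Object handleUnsafe(byte[] body) throws IOException, ClassNotFoundException {
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(body))) {
            return in.readObject();
        }
    }

    // HARDENED: allow-list filter (JEP 290). Only Ticket (and String, for its
    // field) may be instantiated; "!*" rejects every other class before its
    // readObject() can run. The limits bound depth, reference count and size.
    static Object handleFiltered(byte[] body) throws IOException, ClassNotFoundException {
        ObjectInputFilter allowOnlyTicket = ObjectInputFilter.Config.createFilter(
                "DeserializationDemo$Ticket;java.lang.String;maxdepth=2;maxrefs=16;maxbytes=4096;!*");
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(body))) {
            in.setObjectInputFilter(allowOnlyTicket);
            return in.readObject();
        }
    }

    // Helper that plays the role of the HTTP client building a request body.
    static byte[] serialize(Object o) throws IOException {
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(bos)) { out.writeObject(o); }
        return bos.toByteArray();
    }

    public static void main(String[] args) throws Exception {
        byte[] benign = serialize(new Ticket(42, "printer jam"));   // constructed sample input
        byte[] hostile = serialize(new Gadget());                   // constructed sample input

        System.out.println("unsafe/benign  : " + ((Ticket) handleUnsafe(benign)).subject);
        handleUnsafe(hostile);  // Gadget.readObject() executes: this is the RCE primitive

        System.out.println("filtered/benign: " + ((Ticket) handleFiltered(benign)).subject);
        try {
            handleFiltered(hostile);
        } catch (InvalidClassException e) {
            // The filter rejects the class before any of its code runs.
            System.out.println("filtered/hostile rejected: " + e.getMessage());
        }
    }
}
```

The point to take from the hardened path is that the filter decision is made when the class descriptor is read, before the object is constructed, so a rejected gadget never executes. A process-wide filter can be set with the jdk.serialFilter system property instead of per stream, which is the usual way to retrofit an application whose deserialization call sites are not all known.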
Exploitation and risk: CISA has confirmed active exploitation, which is the condition for a KEV listing. Known use in ransomware campaigns: Unknown. The remediation deadline for federal agencies is 12 March 2026.
Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. The binding deadline applies to Federal Civilian Executive Branch (FCEB) agencies; all other organisations running Web Help Desk should confirm their installed version against the vendor advisory, treat any instance reachable from the internet as the first priority given that no authentication is required, and plan remediation.
For full details, see the linked NVD entry and the CISA KEV catalogue.