VulnHub

Recent reports from BleepingComputer indicate that attackers are exploiting significant vulnerabilities in SolarWinds Web Help Desk, identified as CVE-2025-40551 and CVE-2026-26399. These flaws have been under active exploitation since mid-January, allowing intruders to deploy legitimate tools for unauthorized activities within affected systems. Organizations using SolarWinds Web Help Desk could be at risk, as these vulnerabilities could facilitate broader attacks or data breaches. It is crucial for companies to assess their systems for these vulnerabilities and apply necessary updates or patches to safeguard against potential intrusions. The ongoing exploitation of these flaws underscores the need for vigilance in maintaining software security.

Hackers are exploiting vulnerabilities in SolarWinds Web Help Desk (WHD) to gain unauthorized access to systems. This allows them to execute code on affected machines, deploying legitimate forensic tools like Velociraptor to maintain persistence and enable remote control. Organizations using SolarWinds WHD should be particularly vigilant, as these vulnerabilities can lead to serious security breaches. The situation underscores the need for companies to regularly update and patch their systems to protect against such attacks. Users of the software must act quickly to ensure their environments are secure.

In December 2025, vulnerabilities in SolarWinds Web Help Desk instances were exploited, allowing attackers to gain initial access to compromised systems. This incident raises concerns for organizations using SolarWinds products, as it indicates that these flaws may have been leveraged as zero-day exploits. Such vulnerabilities can lead to unauthorized access and potential data breaches, making it crucial for affected companies to address these security gaps promptly. Users should be vigilant and monitor their systems for unusual activity while applying any available patches or updates. The incident serves as a reminder of the ongoing risks associated with third-party software vulnerabilities.

Huntress has reported an ongoing attack exploiting vulnerabilities in SolarWinds Web Help Desk software. Attackers are targeting unpatched versions of this tool to execute remote code, which allows them to install Zoho ManageEngine software for persistent access and Velociraptor for control over compromised systems. This incident was confirmed on February 7, 2026, and it raises significant concerns for organizations that rely on SolarWinds products, as it highlights the risks associated with unaddressed software vulnerabilities. Companies using this software should prioritize patching to safeguard against these exploits and prevent unauthorized access to their systems.

The Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning about a serious vulnerability in SolarWinds Web Help Desk that is currently being exploited in active attacks. This flaw poses a risk to federal agencies, which have been instructed to apply necessary patches within three days to mitigate potential damage. The urgency of the situation underscores the importance of maintaining up-to-date systems, especially for organizations that rely on SolarWinds products. If left unaddressed, this vulnerability could lead to unauthorized access and compromise sensitive data, affecting not just government agencies but potentially their partners and clients as well. The situation is a reminder for all users of SolarWinds software to remain vigilant and ensure their systems are secure.