SolarWinds, again: Critical RCE bugs reopen old wounds for enterprise security teams
No one likes RCE vulnerabilities, particularly in critical software like SolarWinds products.
Another round of critical Web Help Desk flaws highlights how SolarWinds’ legacy code and past breaches continue to haunt IT and security leaders.
SolarWinds is yet again disclosing security vulnerabilities in one of its widely-used products. The company has released updates to patch six critical authentication bypass and remote command execution vulnerabilities in its Web Help Desk (WHD) IT software.
These flaws could allow attackers to bypass authentication, perform remote code execution (RCE), and access certain functionality that should be gated. Of the six, four are rated “critical” (9.8 out of 10 on the CVE severity scale), while the others are “high” (7.5 and 8.1 severity).
Because WHD has been actively exploited in the past, admins are advised to patch their vulnerable servers immediately, by upgrading to Web Help Desk 2026.1.
“We already know what happens if you compromise SolarWinds,” said David Shipley of Beauceron Security. “There’s a massive downstream risk. It’s critical that things are patched, updated, resolved as quickly as possible.”
Read the Full Story at CSO Online