SolarWinds IT Management Software and Remote Monitoring Tools
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in any SolarWinds product.
RSS Feeds for SolarWinds security vulnerabilities
Create a CVE RSS feed including security vulnerabilities found in SolarWinds products with stack.watch. Just hit watch, then grab your custom RSS feed url.
Products by SolarWinds Sorted by Most Security Vulnerabilities since 2018
Known Exploited SolarWinds Vulnerabilities
The following SolarWinds vulnerabilities have been marked by CISA as Known to be Exploited by threat actors.
| Title | Description | Added |
|---|---|---|
| SolarWinds Web Help Desk Deserialization of Untrusted Data Vulnerability |
SolarWinds Web Help Desk contain a deserialization of untrusted data vulnerability in AjaxProxy that could allow an attacker to run commands on the host machine. CVE-2025-26399 Exploit Probability: 23.3% |
March 9, 2026 |
| SolarWinds Web Help Desk Security Control Bypass Vulnerability |
SolarWinds Web Help Desk contains a security control bypass vulnerability that could allow an unauthenticated attacker to gain access to certain restricted functionality. CVE-2025-40536 Exploit Probability: 68.1% |
February 12, 2026 |
| SolarWinds Web Help Desk Deserialization of Untrusted Data Vulnerability |
SolarWinds Web Help Desk contains a deserialization of untrusted data vulnerability that could lead to remote code execution, which would allow an attacker to run commands on the host machine. This could be exploited without authentication. CVE-2025-40551 Exploit Probability: 79.4% |
February 3, 2026 |
| SolarWinds Web Help Desk Hardcoded Credential Vulnerability |
SolarWinds Web Help Desk contains a hardcoded credential vulnerability that could allow a remote, unauthenticated user to access internal functionality and modify data. CVE-2024-28987 Exploit Probability: 94.2% |
October 15, 2024 |
| SolarWinds Web Help Desk Deserialization of Untrusted Data Vulnerability |
SolarWinds Web Help Desk contains a deserialization of untrusted data vulnerability that could allow for remote code execution. CVE-2024-28986 Exploit Probability: 78.4% |
August 15, 2024 |
| SolarWinds Serv-U Path Traversal Vulnerability |
SolarWinds Serv-U contains a path traversal vulnerability that allows an attacker access to read sensitive files on the host machine. CVE-2024-28995 Exploit Probability: 94.4% |
July 17, 2024 |
| SolarWinds Serv-U Improper Input Validation Vulnerability |
SolarWinds Serv-U versions 15.2.5 and earlier contain an improper input validation vulnerability which allows attackers to build and send queries without sanitization. CVE-2021-35247 Exploit Probability: 3.0% |
January 21, 2022 |
| SolarWinds Orion API Authentication Bypass Vulnerability |
The SolarWinds Orion API is vulnerable to an authentication bypass that could allow a remote attacker to execute API commands. SolarWinds Orion Platform versions 2019.4 HF 5, 2020.2 with no hotfix installed, and 2020.2 HF 1 are affected. CVE-2020-10148 Exploit Probability: 94.3% |
November 3, 2021 |
| SolarWinds Serv-U Remote Memory Escape Vulnerability |
Microsoft discovered a remote code execution (RCE) vulnerability in the SolarWinds Serv-U product utilizing a Remote Memory Escape Vulnerability. CVE-2021-35211 Exploit Probability: 94.3% |
November 3, 2021 |
| SolarWinds Virtualization Manager Privilege Escalation Vulnerability |
SolarWinds Virtualization Manager 6.3.1 and earlier allow local users to gain privileges by leveraging a misconfiguration of sudo, as demonstrated by "sudo cat /etc/passwd." CVE-2016-3643 Exploit Probability: 5.4% |
November 3, 2021 |
Of the known exploited vulnerabilities above, 6 are in the top 1%, or the 99th percentile of the EPSS exploit probability rankings. 2 known exploited SolarWinds vulnerabilities are in the top 5% (95th percentile or greater) of the EPSS exploit probability rankings.
By the Year
In 2026 there have been 10 vulnerabilities in SolarWinds with an average score of 9.1 out of ten. Last year, in 2025 SolarWinds had 14 security vulnerabilities published. If vulnerabilities keep coming in at the current rate, it appears that number of security vulnerabilities in SolarWinds in 2026 could surpass last years number. However, the average CVE base score of the vulnerabilities in 2026 is greater by 2.33.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 10 | 9.12 |
| 2025 | 14 | 6.79 |
| 2024 | 44 | 8.20 |
| 2023 | 47 | 7.38 |
| 2022 | 24 | 6.53 |
| 2021 | 50 | 6.97 |
| 2020 | 29 | 7.54 |
| 2019 | 14 | 7.41 |
| 2018 | 5 | 8.90 |
It may take a day or so for new SolarWinds vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent SolarWinds Security Vulnerabilities
| CVE | Date | Vulnerability | Products |
|---|---|---|---|
| CVE-2025-40541 | Feb 24, 2026 |
Serv-U IDOR Enables Privileged Native Code ExecutionAn Insecure Direct Object Reference (IDOR) vulnerability exists in Serv-U, which when exploited, gives a malicious actor the ability to execute native code as a privileged account. This issue requires administrative privileges to abuse. On Windows deployments, the risk is scored as a medium because services frequently run under less-privileged service accounts by default. |
Serv U
|
| CVE-2025-40540 | Feb 24, 2026 |
Serv-U Type Confusion Enables Privileged Native Code ExecA type confusion vulnerability exists in Serv-U which when exploited, gives a malicious actor the ability to execute arbitrary native code as privileged account. This issue requires administrative privileges to abuse. On Windows deployments, the risk is scored as a medium because services frequently run under less-privileged service accounts by default. |
Serv U
|
| CVE-2025-40539 | Feb 24, 2026 |
Serv-U Type Confusion Enables Privileged Native Code ExecutionA type confusion vulnerability exists in Serv-U which when exploited, gives a malicious actor the ability to execute arbitrary native code as privileged account. This issue requires administrative privileges to abuse. On Windows deployments, the risk is scored as a medium because services frequently run under less-privileged service accounts by default. |
Serv U
|
| CVE-2025-40538 | Feb 24, 2026 |
Serv-U ACL Bypass Privilege Escalation to System AdminA broken access control vulnerability exists in Serv-U which when exploited, gives a malicious actor the ability to create a system admin user and execute arbitrary code as a privileged account via domain admin or group admin privileges. This issue requires administrative privileges to abuse. On Windows deployments, the risk is scored as a medium because services frequently run under less-privileged service accounts by default. |
Serv U
|
| CVE-2025-40554 | Jan 28, 2026 |
SolarWinds WebHelp Desk Auth Bypass VulnerabilitySolarWinds Web Help Desk was found to be susceptible to an authentication bypass vulnerability that, if exploited, could allow an attacker to invoke specific actions within Web Help Desk. |
Web Help Desk
|
| CVE-2025-40553 | Jan 28, 2026 |
SolarWinds Web Help Desk Untrusted Data Deserialization Enables RCESolarWinds Web Help Desk was found to be susceptible to an untrusted data deserialization vulnerability that could lead to remote code execution, which would allow an attacker to run commands on the host machine. This could be exploited without authentication. |
Web Help Desk
|
| CVE-2025-40552 | Jan 28, 2026 |
SolarWinds Web Help Desk Auth Bypass VulnerabilitySolarWinds Web Help Desk was found to be susceptible to an authentication bypass vulnerability that if exploited, would allow a malicious actor to execute actions and methods that should be protected by authentication. |
Web Help Desk
|
| CVE-2025-40551 | Jan 28, 2026 |
SolarWinds Web Help Desk RCE via Untrusted Deserialization (CVE-2025-40551)SolarWinds Web Help Desk was found to be susceptible to an untrusted data deserialization vulnerability that could lead to remote code execution, which would allow an attacker to run commands on the host machine. This could be exploited without authentication. |
Web Help Desk
|
| CVE-2025-40537 | Jan 28, 2026 |
SolarWinds Web Help Desk Hardcoded Credentials CVE-2025-40537SolarWinds Web Help Desk was found to be susceptible to a hardcoded credentials vulnerability that, under certain situations, could allow access to administrative functions. |
Web Help Desk
|
| CVE-2025-40536 | Jan 28, 2026 |
SolarWinds WHD Auth Bypass: Unauthenticated R/O AccessSolarWinds Web Help Desk was found to be susceptible to a security control bypass vulnerability that if exploited, could allow an unauthenticated attacker to gain access to certain restricted functionality. |
Web Help Desk
|
| CVE-2025-40545 | Nov 18, 2025 |
SolarWinds Observability Self-Hosted Open Redirection VulnerabilitySolarWinds Observability Self-Hosted is susceptible to an open redirection vulnerability. The URL is not properly sanitized, and an attacker could manipulate the string to redirect a user to a malicious site. The attack complexity is high, and authentication is required. |
|
| CVE-2025-26391 | Nov 18, 2025 |
SolarWinds Observability Self-Host XSS in URL Fields (Auth Required, Low-Level)SolarWinds Observability Self-Hosted XSS Vulnerability. The SolarWinds Platform was susceptible to a XSS vulnerability that affects user-created URL fields. This vulnerability requires authentication from a low-level account. |
|
| CVE-2025-40549 | Nov 18, 2025 |
Serv-U Path Restriction Bypass Allows Admin Code Exec on WindowsA Path Restriction Bypass vulnerability exists in Serv-U that when abused, could give a malicious actor with access to admin privileges the ability to execute code on a directory. This issue requires administrative privileges to abuse. On Windows systems, this scored as medium due to differences in how paths and home directories are handled. |
Serv U
|
| CVE-2025-40548 | Nov 18, 2025 |
Admin-Privilege Code Execution via Serv-U (SolarWinds)A missing validation process exists in Serv U when abused, could give a malicious actor with access to admin privileges the ability to execute code. This issue requires administrative privileges to abuse. On Windows deployments, the risk is scored as a medium because services frequently run under less-privileged service accounts by default. |
Serv U
|
| CVE-2025-40547 | Nov 18, 2025 |
ServU Logic Error Enables Admin Code ExecA logic error vulnerability exists in Serv-U which when abused could give a malicious actor with access to admin privileges the ability to execute code. This issue requires administrative privileges to abuse. On Windows deployments, the risk is scored as a medium because services frequently run under less-privileged service accounts by default. |
Serv U
|
| CVE-2025-26392 | Oct 21, 2025 |
SQLi in SolarWinds Obs. Self-Hosted via lowpriv authSolarWinds Observability Self-Hosted is susceptible to SQL injection vulnerability that may display sensitive data using a low-level account. This vulnerability requires authentication from a low-privilege account. |
Observability Self Hosted
|
| CVE-2025-26399 | Sep 23, 2025 |
SolarWinds Web Help Desk AjaxProxy Deserialization RCE (Patch Bypass)SolarWinds Web Help Desk was found to be susceptible to an unauthenticated AjaxProxy deserialization remote code execution vulnerability that, if exploited, would allow an attacker to run commands on the host machine. This vulnerability is a patch bypass of CVE-2024-28988, which in turn is a patch bypass of CVE-2024-28986. |
Web Help Desk
|
| CVE-2025-26398 | Aug 12, 2025 |
SolarWinds DPA Hard-Coded Crypto Key – Local Privilege EscalationSolarWinds Database Performance Analyzer was found to contain a hard-coded cryptographic key. If exploited, this vulnerability could lead to a machine-in-the-middle (MITM) attack against users. This vulnerability requires additional software not installed by default, local access to the server and administrator level privileges on the host. |
Database Performance Analyzer
|
| CVE-2025-26400 | Jul 29, 2025 |
SolarWinds Web Help Desk XXE Info DisclosureSolarWinds Web Help Desk was reported to be affected by an XML External Entity Injection (XXE) vulnerability that could lead to information disclosure. A valid, low-privilege access is required unless the attacker had access to the local server to modify configuration files. |
Webhelpdesk
|
| CVE-2025-26396 | Jun 02, 2025 |
SolarWinds Dameware Mini RC LPE via Incorrect PermissionsThe SolarWinds Dameware Mini Remote Control was determined to be affected by Incorrect Permissions Local Privilege Escalation Vulnerability. This vulnerability requires local access and a valid low privilege account to be susceptible to this vulnerability. |
Dameware Mini Remote Control
|
| CVE-2024-28989 | Feb 11, 2025 |
SolarWinds Web Help Desk Hardcoded Crypto Key Allows Sensitive Data DisclosureSolarWinds Web Help Desk was found to have a hardcoded cryptographic key that could allow the disclosure of sensitive information from the software. |
Web Help Desk
|
| CVE-2024-52606 | Feb 11, 2025 |
CVE-2024-52606: SSRF in SolarWinds Platform via unsanitized inputSolarWinds Platform is affected by server-side request forgery vulnerability. Proper input sanitation was not applied allowing for the possibility of a malicious web request. |
Solarwinds Platform
|
| CVE-2024-52611 | Feb 11, 2025 |
SolarWinds Platform Info Disclosure via Error MessageThe SolarWinds Platform is vulnerable to an information disclosure vulnerability through an error message. While the data does not provide anything sensitive, the information could assist an attacker in other malicious actions. |
Solarwinds Platform
Orion Platform
|
| CVE-2024-52612 | Feb 11, 2025 |
SolarWinds Orion XSS Authenticated Reflected XSS via Input ParamSolarWinds Platform is vulnerable to a reflected cross-site scripting vulnerability. This was caused by an insufficient sanitation of input parameters. This vulnerability requires authentication by a high- privileged account to be exploitable. |
Solarwinds Platform
|
| CVE-2024-45709 | Dec 10, 2024 |
SolarWinds Web Help Desk Local File Read Vulnerability in Development/Test ModeSolarWinds Web Help Desk was susceptible to a local file read vulnerability. This vulnerability requires the software be installed on Linux and configured to use non-default development/test mode making exposure to the vulnerability very limited. |
Web Help Desk
|
| CVE-2024-45717 | Dec 04, 2024 |
SolarWinds Platform: Authenticated Stored XSS in Search and Node Information UIThe SolarWinds Platform was susceptible to a XSS vulnerability that affects the search and node information section of the user interface. This vulnerability requires authentication and requires user interaction. |
Solarwinds Platform
|
| CVE-2024-45713 | Oct 17, 2024 |
SolarWinds Kiwi CatTools Sensitive Data Disclosure via Non-Default Troubleshooting SettingSolarWinds Kiwi CatTools is susceptible to a sensitive data disclosure vulnerability when a non-default setting has been enabled for troubleshooting purposes. |
Kiwi Cattools
|
| CVE-2024-45714 | Oct 16, 2024 |
Auth XSS via Variable Modification in unknown web appApplication is vulnerable to Cross Site Scripting (XSS) an authenticated attacker with users permissions can modify a variable with a payload. |
Serv U
|
| CVE-2024-45715 | Oct 16, 2024 |
CVE-2024-45715: XSS in SolarWinds Orion Platform Edit FunctionThe SolarWinds Platform was susceptible to a Cross-Site Scripting vulnerability when performing an edit function to existing elements. |
Solarwinds Platform
|
| CVE-2024-45710 | Oct 16, 2024 |
SolarWinds Platform LPE via Uncontrolled Search PathSolarWinds Platform is susceptible to an Uncontrolled Search Path Element Local Privilege Escalation vulnerability. This requires a low privilege account and local access to the affected node machine. |
Solarwinds Platform
|
| CVE-2024-45711 | Oct 16, 2024 |
SolarWinds ServU dir traversal RCE (CVE202445711)SolarWinds Serv-U is vulnerable to a directory traversal vulnerability where remote code execution is possible depending on privileges given to the authenticated user. This issue requires a user to be authenticated and this is present when software environment variables are abused. Authentication is required for this vulnerability |
Serv U
|
| CVE-2024-28991 | Sep 12, 2024 |
RCE in SolarWinds ARM via Authenticated Remote ExploitSolarWinds Access Rights Manager (ARM) was found to be susceptible to a remote code execution vulnerability. If exploited, this vulnerability would allow an authenticated user to abuse the service, resulting in remote code execution. |
Access Rights Manager
|
| CVE-2024-28990 | Sep 12, 2024 |
SolarWinds ARM Hardcoded Credential Bypass Enables RabbitMQ Console AccessSolarWinds Access Rights Manager (ARM) was found to contain a hard-coded credential authentication bypass vulnerability. If exploited, this vulnerability would allow access to the RabbitMQ management console. We thank Trend Micro Zero Day Initiative (ZDI) for its ongoing partnership in coordinating with SolarWinds on responsible disclosure of this and other potential vulnerabilities. |
Access Rights Manager
|
| CVE-2024-28987 | Aug 21, 2024 |
SolarWinds WHD Hardcoded Credential Remote Unauth AccessThe SolarWinds Web Help Desk (WHD) software is affected by a hardcoded credential vulnerability, allowing remote unauthenticated user to access internal functionality and modify data. |
Web Help Desk
Webhelpdesk
|
| CVE-2024-28986 | Aug 13, 2024 |
SolarWinds Web Help Desk Java Deserialization RCESolarWinds Web Help Desk was found to be susceptible to a Java Deserialization Remote Code Execution vulnerability that, if exploited, would allow an attacker to run commands on the host machine. While it was reported as an unauthenticated vulnerability, SolarWinds has been unable to reproduce it without authentication after thorough testing. However, out of an abundance of caution, we recommend all Web Help Desk customers apply the patch, which is now available. |
Web Help Desk
Webhelpdesk
|
| CVE-2024-23471 | Jul 17, 2024 |
SolarWinds Access Rights Manager RCE via Authenticated Service AbuseThe SolarWinds Access Rights Manager was found to be susceptible to a Remote Code Execution Vulnerability. If exploited, this vulnerability allows an authenticated user to abuse a SolarWinds service resulting in remote code execution. |
Access Rights Manager
|
| CVE-2024-23474 | Jul 17, 2024 |
SolarWinds ARM: Arbitrary File Deletion & Info DisclosureThe SolarWinds Access Rights Manager was found to be susceptible to an Arbitrary File Deletion and Information Disclosure vulnerability. |
Access Rights Manager
|
| CVE-2024-23475 | Jul 17, 2024 |
SolarWinds Access Rights Manager: Brute Dir Traversal & Info DisclosureThe SolarWinds Access Rights Manager was susceptible to a Directory Traversal and Information Disclosure Vulnerability. This vulnerability allows an unauthenticated user to perform arbitrary file deletion and leak sensitive information. |
Access Rights Manager
|
| CVE-2024-28074 | Jul 17, 2024 |
SolarWinds ARM PrivEsc bypass CVE-2024-28074It was discovered that a previous vulnerability was not completely fixed with SolarWinds Access Rights Manager. While some controls were implemented the researcher was able to bypass these and use a different method to exploit the vulnerability. |
Access Rights Manager
|
| CVE-2024-23469 | Jul 17, 2024 |
SolarWinds ARM RCE: Unauth SYSTEM Privilege EscalationSolarWinds Access Rights Manager (ARM) is susceptible to a Remote Code Execution vulnerability. If exploited, this vulnerability allows an unauthenticated user to perform the actions with SYSTEM privileges. |
Access Rights Manager
|
| CVE-2024-23466 | Jul 17, 2024 |
SolarWinds ARM Directory Traversal RCE Allows SYSTEM PrivilegesSolarWinds Access Rights Manager (ARM) is susceptible to a Directory Traversal Remote Code Execution vulnerability. If exploited, this vulnerability allows an unauthenticated user to perform the actions with SYSTEM privileges. |
Access Rights Manager
|
| CVE-2024-23467 | Jul 17, 2024 |
SolarWinds Access Rights Manager RCE via Directory Traversal & Info DisclosureThe SolarWinds Access Rights Manager was susceptible to a Directory Traversal and Information Disclosure Vulnerability. This vulnerability allows an unauthenticated user to perform remote code execution. |
Access Rights Manager
|
| CVE-2024-23468 | Jul 17, 2024 |
DIRTRAV + INFODISC in SolarWinds Access Rights ManagerThe SolarWinds Access Rights Manager was susceptible to a Directory Traversal and Information Disclosure Vulnerability. This vulnerability allows an unauthenticated user to perform arbitrary file deletion and leak sensitive information. |
Access Rights Manager
|
| CVE-2024-23472 | Jul 17, 2024 |
SolarWinds ARM Directory Traversal enables file read/deleteSolarWinds Access Rights Manager (ARM) is susceptible to Directory Traversal vulnerability. This vulnerability allows an authenticated user to arbitrary read and delete files in ARM. |
Access Rights Manager
|
| CVE-2024-28992 | Jul 17, 2024 |
SolarWinds Access Rights Manager: Unauth Dir Traversal & File DeletionThe SolarWinds Access Rights Manager was susceptible to a Directory Traversal and Information Disclosure Vulnerability. This vulnerability allows an unauthenticated user to perform arbitrary file deletion and leak sensitive information. |
Access Rights Manager
|
| CVE-2024-28993 | Jul 17, 2024 |
SolarWinds ARM Dir Trv & Info Leak Enable Unauth File DeletionThe SolarWinds Access Rights Manager was susceptible to a Directory Traversal and Information Disclosure Vulnerability. This vulnerability allows an unauthenticated user to perform arbitrary file deletion and leak sensitive information. |
Access Rights Manager
|
| CVE-2024-23470 | Jul 17, 2024 |
SolarWinds Access Rights Manager RCE via pre-auth remote code execThe SolarWinds Access Rights Manager was found to be susceptible to a pre-authentication remote code execution vulnerability. If exploited, this vulnerability allows an unauthenticated user to run commands and executables. |
Access Rights Manager
|
| CVE-2024-23465 | Jul 17, 2024 |
SolarWinds ARM Auth Bypass Enables Domain Admin GainThe SolarWinds Access Rights Manager was found to be susceptible to an authentication bypass vulnerability. This vulnerability allows an unauthenticated user to gain domain admin access within the Active Directory environment. |
Access Rights Manager
|
| CVE-2024-28995 | Jun 06, 2024 |
SolarWinds Serv-U Dir Trav Exposes Sensitive FilesSolarWinds Serv-U was susceptible to a directory transversal vulnerability that would allow access to read sensitive files on the host machine. |
Serv U
|
| CVE-2024-28996 | Jun 04, 2024 |
SolarWinds SWQL Injection VulnerabilityThe SolarWinds Platform was determined to be affected by a SWQL Injection Vulnerability. Attack complexity is high for this vulnerability. |
Solarwinds Platform
|