SolarWinds Webhelpdesk
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in SolarWinds Webhelpdesk.
By the Year
In 2026 there have been 0 vulnerabilities in SolarWinds Webhelpdesk. Last year, in 2025 Webhelpdesk had 1 security vulnerability published. Right now, Webhelpdesk is on track to have less security vulnerabilities in 2026 than it did last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 0 | 0.00 |
| 2025 | 1 | 5.30 |
| 2024 | 2 | 9.45 |
| 2023 | 0 | 0.00 |
| 2022 | 1 | 8.80 |
| 2021 | 1 | 6.10 |
| 2020 | 4 | 0.00 |
It may take a day or so for new Webhelpdesk vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent SolarWinds Webhelpdesk Security Vulnerabilities
SolarWinds Web Help Desk XXE Info Disclosure
CVE-2025-26400
5.3 - Medium
- July 29, 2025
SolarWinds Web Help Desk was reported to be affected by an XML External Entity Injection (XXE) vulnerability that could lead to information disclosure. A valid, low-privilege access is required unless the attacker had access to the local server to modify configuration files.
XXE
SolarWinds WHD Hardcoded Credential Remote Unauth Access
CVE-2024-28987
9.1 - Critical
- August 21, 2024
The SolarWinds Web Help Desk (WHD) software is affected by a hardcoded credential vulnerability, allowing remote unauthenticated user to access internal functionality and modify data.
Use of Hard-coded Credentials
SolarWinds Web Help Desk Java Deserialization RCE
CVE-2024-28986
9.8 - Critical
- August 13, 2024
SolarWinds Web Help Desk was found to be susceptible to a Java Deserialization Remote Code Execution vulnerability that, if exploited, would allow an attacker to run commands on the host machine. While it was reported as an unauthenticated vulnerability, SolarWinds has been unable to reproduce it without authentication after thorough testing. However, out of an abundance of caution, we recommend all Web Help Desk customers apply the patch, which is now available.
Marshaling, Unmarshaling
SolarWinds received a report of a vulnerability related to an input that was not sanitized in WebHelpDesk
CVE-2021-35254
8.8 - High
- March 25, 2022
SolarWinds received a report of a vulnerability related to an input that was not sanitized in WebHelpDesk. SolarWinds has removed this input field to prevent the misuse of this input in the future.
Hard coded credentials discovered in SolarWinds Web Help Desk product
CVE-2021-35232
6.1 - Medium
- December 27, 2021
Hard coded credentials discovered in SolarWinds Web Help Desk product. Through these credentials, the attacker with local access to the Web Help Desk host machine allows to execute arbitrary HQL queries against the database and leverage the vulnerability to steal the password hashes of the users or insert arbitrary data into the database.
Use of Hard-coded Credentials
SolarWinds Web Help Desk 12.7.0
CVE-2019-16959
- December 21, 2020
SolarWinds Web Help Desk 12.7.0 allows CSV Injection, also known as Formula Injection, via a file attached to a ticket.
SolarWinds Web Help Desk 12.7.0
CVE-2019-16955
- December 18, 2020
SolarWinds Web Help Desk 12.7.0 allows XSS via an uploaded SVG document in a request.
SolarWinds Web Help Desk 12.7.0
CVE-2019-16957
- December 18, 2020
SolarWinds Web Help Desk 12.7.0 allows XSS via the First Name field of a User Account.
Formula Injection exists in the export feature in SolarWinds WebHelpDesk 12.7.1 via a value (provided by a low-privileged user in the Subject field of a help request form)
CVE-2019-20002
- April 27, 2020
Formula Injection exists in the export feature in SolarWinds WebHelpDesk 12.7.1 via a value (provided by a low-privileged user in the Subject field of a help request form) that is mishandled in a TicketActions/view?tab=group TSV export by an admin user.
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for SolarWinds Webhelpdesk or by SolarWinds? Click the Watch button to subscribe.
