CVE-2024-28986 - SolarWinds Web Help Desk Deserialization of Untrusted Data Vulnerability
Project:SolarWinds
Product:Web Help Desk
Date Added:2024-08-15Due Date:2024-09-05
Vulnerability Name
SolarWinds Web Help Desk Deserialization of Untrusted Data Vulnerability
Description
SolarWinds Web Help Desk contains a deserialization of untrusted data vulnerability that could allow for remote code execution.
Known To Be Used in Ransomware Campaigns?
Unknown
Action
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Additional Notes
https://www.solarwinds.com/trust-center/security-advisories/cve-2024-28986
https://nvd.nist.gov/vuln/detail/CVE-2024-28986
Related News Articles
SolarWinds fixes critical Web Help Desk RCE vulnerability (CVE-2025-26399)September 24, 2025
SolarWinds Releases Hotfix for Critical CVE-2025-26399 Remote Code Execution FlawSeptember 23, 2025
SolarWinds releases third patch to fix Web Help Desk RCE bugSeptember 23, 2025
CISA Warns of Active Exploitation in SolarWinds Help Desk Software VulnerabilityOctober 16, 2024
PoC for critical SolarWinds Web Help Desk vulnerability released (CVE-2024-28987)September 25, 2024