SolarWinds Web Help Desk was found to be susceptible to an unauthenticated AjaxProxy deserialization remote code execution vulnerability that, if exploited, would allow an attacker to run commands on the host machine. This vulnerability is a patch bypass of CVE-2024-28988, which in turn is a patch bypass of CVE-2024-28986.
CISA Catalog
Date Added
Due Date
Vulnerability Name
Required Action
2026-03-09
2026-03-12
SolarWinds Web Help Desk Deserialization of Untrusted Data Vulnerability
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Date Added: 2026-03-09
Due Date: 2026-03-12
Vulnerability Name: SolarWinds Web Help Desk Deserialization of Untrusted Data Vulnerability
Required Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.