SolarWinds says its Web Help Desk software can be remotely exploited by an unauthenticated attacker, and has issued a critical CVSS 9.8 alert for a new vulnerability, CVE-2025-26399, which is a bypass of a previously exploited bug.

“This vulnerability is a patch bypass of CVE-2024-28988, which in turn is a patch bypass of CVE-2024-28986,” SolarWinds admitted today.
