[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2025-26399":6},{"stargazers_count":4,"fetched_at":5},5,"2026-04-07T09:11:40.124Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":24,"aliases":25,"duplicate_of":9,"upstream":26,"downstream":27,"duplicates":28,"related":29,"reserved_at":9,"published_at":30,"modified_at":31,"state":32,"summary":33,"references_raw":44,"kevs":68,"epss":79,"epss_history":82,"metrics":353,"affected":360},"CVE-2025-26399","SolarWinds Web Help Desk was found to be susceptible to an unauthenticated AjaxProxy deserialization remote code execution vulnerability that, if exploited, would allow an attacker to run commands on the host machine. This vulnerability is a patch bypass of CVE-2024-28988, which in turn is a patch bypass of CVE-2024-28986.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":18,"capec":19},"CWE-502","Deserialization of Untrusted Data","The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.","weakness","Draft","Base","Medium",[20],{"id":21,"name":22,"techniques":23},"CAPEC-586","Object Injection",[],[],[],[],[],[],[],"2025-09-23T05:07:14.702Z","2026-03-10T03:55:22.393Z","Analyzed",{"cisa_kev":34,"cisa_ransomware":35,"cisa_vendor":36,"epss_severity":37,"epss_score":38,"severity":39,"severity_score":40,"severity_version":41,"severity_source":42,"severity_vector":43,"severity_status":32},true,false,"SolarWinds","high",0.32241,"critical",9.8,"v3.1","cve.org","CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",[45,52,57,62],{"url":46,"sources":47,"tags":49},"https://www.solarwinds.com/trust-center/security-advisories/CVE-2025-26399",[42,48],"nvd",[50,51],"Patch","Vendor Advisory",{"url":53,"sources":54,"tags":55},"https://documentation.solarwinds.com/en/success_center/whd/content/release_notes/whd_12-8-7-hotfix-1_release_notes.htm",[42,48],[56],"Release Notes",{"url":58,"sources":59,"tags":60},"https://www.microsoft.com/en-us/security/blog/2026/02/06/active-exploitation-solarwinds-web-help-desk/",[42,48],[61],"Third Party Advisory",{"url":63,"sources":64,"tags":65},"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-26399",[42,48],[66,67],"Government Resource","US Government Resource",[69],{"source":70,"vendor":36,"product":71,"date_added":72,"vulnerability_name":73,"short_description":74,"required_action":75,"due_date":76,"known_ransomware_campaign_use":77,"notes":78,"exploitation_type":9},"cisa","Web Help Desk","2026-03-09","SolarWinds Web Help Desk Deserialization of Untrusted Data Vulnerability","SolarWinds Web Help Desk contain a deserialization of untrusted data vulnerability in AjaxProxy that could allow an attacker to run commands on the host machine.","Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.","2026-03-12","Unknown","https://www.solarwinds.com/trust-center/security-advisories/cve-2025-26399 ; https://documentation.solarwinds.com/en/success_center/whd/content/release_notes/whd_12-8-7-hotfix-1_release_notes.htm ; https://nvd.nist.gov/vuln/detail/CVE-2025-26399",{"date":80,"score":38,"percentile":81},"2026-04-06",0.96815,[83,87,90,93,96,99,102,105,108,111,114,117,121,124,126,130,133,136,139,142,145,148,151,154,157,160,163,167,170,173,176,179,182,185,188,190,193,196,199,202,205,207,210,212,215,219,222,225,228,231,234,237,240,243,246,249,252,255,257,261,264,267,270,274,277,279,282,285,288,290,293,295,298,301,304,307,311,314,317,319,322,326,329,332,335,338,341,344,347,350],{"date":84,"score":85,"percentile":86},"2025-11-04",0.002,0.42274,{"date":88,"score":85,"percentile":89},"2025-11-05",0.42266,{"date":91,"score":85,"percentile":92},"2025-11-06",0.42279,{"date":94,"score":85,"percentile":95},"2025-11-07",0.42303,{"date":97,"score":85,"percentile":98},"2025-11-08",0.42296,{"date":100,"score":85,"percentile":101},"2025-11-09",0.42271,{"date":103,"score":85,"percentile":104},"2025-11-10",0.42237,{"date":106,"score":85,"percentile":107},"2025-11-11",0.42255,{"date":109,"score":85,"percentile":110},"2025-11-12",0.42288,{"date":112,"score":85,"percentile":113},"2025-11-13",0.42302,{"date":115,"score":85,"percentile":116},"2025-11-14",0.42306,{"date":118,"score":119,"percentile":120},"2025-11-15",0.00408,0.60483,{"date":122,"score":119,"percentile":123},"2025-11-16",0.60471,{"date":125,"score":119,"percentile":123},"2025-11-17",{"date":127,"score":128,"percentile":129},"2025-11-18",0.00474,0.62112,{"date":131,"score":128,"percentile":132},"2025-11-19",0.62128,{"date":134,"score":128,"percentile":135},"2025-11-20",0.62117,{"date":137,"score":119,"percentile":138},"2025-11-21",0.60485,{"date":140,"score":119,"percentile":141},"2025-11-22",0.60484,{"date":143,"score":119,"percentile":144},"2025-11-23",0.60467,{"date":146,"score":119,"percentile":147},"2025-11-24",0.60464,{"date":149,"score":119,"percentile":150},"2025-11-25",0.60468,{"date":152,"score":119,"percentile":153},"2025-11-26",0.60469,{"date":155,"score":119,"percentile":156},"2025-11-27",0.60475,{"date":158,"score":119,"percentile":159},"2025-11-28",0.60452,{"date":161,"score":119,"percentile":162},"2025-11-29",0.60426,{"date":164,"score":165,"percentile":166},"2025-11-30",0.00426,0.61493,{"date":168,"score":165,"percentile":169},"2025-12-01",0.61645,{"date":171,"score":165,"percentile":172},"2025-12-02",0.61661,{"date":174,"score":165,"percentile":175},"2025-12-03",0.61664,{"date":177,"score":165,"percentile":178},"2025-12-04",0.61492,{"date":180,"score":165,"percentile":181},"2025-12-05",0.61503,{"date":183,"score":165,"percentile":184},"2025-12-06",0.615,{"date":186,"score":165,"percentile":187},"2025-12-07",0.61495,{"date":189,"score":165,"percentile":184},"2025-12-08",{"date":191,"score":165,"percentile":192},"2025-12-09",0.61537,{"date":194,"score":165,"percentile":195},"2025-12-10",0.61585,{"date":197,"score":165,"percentile":198},"2025-12-11",0.61603,{"date":200,"score":165,"percentile":201},"2025-12-12",0.61627,{"date":203,"score":165,"percentile":204},"2025-12-13",0.61632,{"date":206,"score":165,"percentile":204},"2025-12-14",{"date":208,"score":165,"percentile":209},"2025-12-15",0.61613,{"date":211,"score":165,"percentile":204},"2025-12-16",{"date":213,"score":165,"percentile":214},"2025-12-17",0.61649,{"date":216,"score":217,"percentile":218},"2025-12-18",0.00543,0.66995,{"date":220,"score":217,"percentile":221},"2025-12-19",0.67016,{"date":223,"score":217,"percentile":224},"2025-12-20",0.67014,{"date":226,"score":217,"percentile":227},"2025-12-21",0.67002,{"date":229,"score":217,"percentile":230},"2025-12-22",0.67032,{"date":232,"score":217,"percentile":233},"2025-12-23",0.67026,{"date":235,"score":217,"percentile":236},"2025-12-24",0.67034,{"date":238,"score":217,"percentile":239},"2025-12-25",0.67066,{"date":241,"score":217,"percentile":242},"2025-12-26",0.67065,{"date":244,"score":217,"percentile":245},"2025-12-27",0.67118,{"date":247,"score":217,"percentile":248},"2025-12-28",0.67038,{"date":250,"score":217,"percentile":251},"2025-12-29",0.6703,{"date":253,"score":217,"percentile":254},"2025-12-30",0.67045,{"date":256,"score":217,"percentile":242},"2025-12-31",{"date":258,"score":259,"percentile":260},"2026-01-01",0.11163,0.93296,{"date":262,"score":259,"percentile":263},"2026-01-02",0.93291,{"date":265,"score":259,"percentile":266},"2026-01-03",0.9329,{"date":268,"score":259,"percentile":269},"2026-01-04",0.9325,{"date":271,"score":272,"percentile":273},"2026-01-05",0.13075,0.93861,{"date":275,"score":272,"percentile":276},"2026-01-06",0.93862,{"date":278,"score":272,"percentile":276},"2026-01-07",{"date":280,"score":272,"percentile":281},"2026-01-08",0.93866,{"date":283,"score":272,"percentile":284},"2026-01-09",0.93868,{"date":286,"score":272,"percentile":287},"2026-01-10",0.9387,{"date":289,"score":272,"percentile":284},"2026-01-11",{"date":291,"score":272,"percentile":292},"2026-01-12",0.93865,{"date":294,"score":272,"percentile":281},"2026-01-13",{"date":296,"score":272,"percentile":297},"2026-01-14",0.93875,{"date":299,"score":272,"percentile":300},"2026-01-15",0.93876,{"date":302,"score":272,"percentile":303},"2026-01-16",0.93881,{"date":305,"score":272,"percentile":306},"2026-01-17",0.93886,{"date":308,"score":309,"percentile":310},"2026-01-18",0.21556,0.95545,{"date":312,"score":309,"percentile":313},"2026-01-19",0.95542,{"date":315,"score":309,"percentile":316},"2026-01-20",0.95543,{"date":318,"score":309,"percentile":310},"2026-01-21",{"date":320,"score":309,"percentile":321},"2026-01-22",0.95548,{"date":323,"score":324,"percentile":325},"2026-01-23",0.22314,0.95641,{"date":327,"score":324,"percentile":328},"2026-01-24",0.95644,{"date":330,"score":324,"percentile":331},"2026-01-25",0.95648,{"date":333,"score":324,"percentile":334},"2026-01-26",0.9565,{"date":336,"score":324,"percentile":337},"2026-01-27",0.95649,{"date":339,"score":324,"percentile":340},"2026-01-28",0.95651,{"date":342,"score":324,"percentile":343},"2026-01-29",0.95652,{"date":345,"score":324,"percentile":346},"2026-01-30",0.95655,{"date":348,"score":324,"percentile":349},"2026-01-31",0.95658,{"date":351,"score":324,"percentile":352},"2026-02-01",0.95691,[354,358],{"source":42,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":355,"cvss_v4_0":9},{"baseScore":40,"baseSeverity":356,"vectorString":43,"impactScore":40,"exploitabilityScore":357},"CRITICAL",10,{"source":48,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":359,"cvss_v4_0":9},{"baseScore":40,"baseSeverity":356,"vectorString":43,"impactScore":40,"exploitabilityScore":357},[361],{"ecosystem":9,"name":71,"vendor":9,"product":71,"cpe_part":9,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":362},[363,366,370],{"version":364,"is_range":35,"range_type":42,"version_start":364,"version_start_type":365,"version_end":364,"version_end_type":365,"fixed_in":9},"12.8.7 and below","including",{"version":367,"is_range":34,"range_type":368,"version_start":9,"version_start_type":9,"version_end":369,"version_end_type":365,"fixed_in":9},"lte12.8.6","cpe","12.8.6",{"version":371,"is_range":35,"range_type":368,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"12.8.7"]