CVE-2025-40536

Analyzed

Published: 28 Jan 2026, 07:30

Last modified:13 Feb 2026, 04:56

Vulnerability Summary

Overall Risk (default)

high

70/100

CVSS Score

9.8 CRITICAL

v3.1 (nvd)

EPSS Score

76.95% CRITICAL

77% probability +49.13%

KEV

Listed

CISA

1 listing

Ransomware

No reports

Public exploits

1 found

Dark Web

Not detected

Timeline

28 Jan 2026, 07:30

Published

Vulnerability first disclosed

12 Feb 2026, 00:00

Added to CISA KEV

SolarWinds Web Help Desk Security Control Bypass Vulnerability

13 Feb 2026, 04:56

Last Modified

Vulnerability information updated

15 Feb 2026, 00:00

CISA Remediation Due

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Description

CVSS Metrics

EPSS Trends

Weaknesses (CWE)

KEV Details

Exploits (1)

Affected Systems

References (4)