New SolarWinds CVE Continues Patch-Bypass Pattern
CISA and the NVD have published a new critical vulnerability affecting SolarWinds Web Help Desk, tracked as CVE-2025-26399, which involves deserialization of untrusted data and could allow remote code execution.
What makes this vulnerability particularly notable is that it appears to be a bypass of a previous SolarWinds patch, tracked as CVE-2024-28988, which itself was a bypass of an earlier fix tracked as CVE-2024-28986. Security researchers are already pointing out that this creates a concerning pattern of patch bypasses tied to the same vulnerability class.
Bobby Kuzma, Director of Offensive Cyber Operations, ProCircular
“The newly disclosed CVE-2025-26399 vulnerability in SolarWinds Web Help Desk is especially troubling because it appears to be a patch bypass of a previous critical flaw — which itself was already a bypass of an earlier patch for essentially the same vulnerability class. When vulnerabilities repeatedly reappear through patch bypasses, it suggests the underlying root cause may not have been fully addressed. As security professionals sometimes joke, if developers are being forced to patch just enough to break the exploit instead of fixing the root issue, they should blink twice and we’ll send help. The humor reflects a real problem: partial fixes can leave organizations exposed to the next iteration of the same flaw.”
SolarWinds-related vulnerabilities just will not seem to die. That’s bad for anyone responsible for defending organizations, as their lives will be pretty miserable.
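The vulnerability class named above, deserialization of untrusted data, is generic to Java applications, so the following is an added example written for this page to illustrate the point in Kuzma's comment. It is not SolarWinds code and says nothing about how Web Help Desk or its fixes are implemented; the types `TicketRequest` and `UnexpectedType` and the name `com.example.KnownBadType` are constructed for the demonstration. It uses the JDK's own `java.io.ObjectInputFilter` (Java 9 and later) to contrast a denylist filter, which blocks only the types it already knows about, with an allowlist filter, which accepts only the types the endpoint expects.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InvalidClassException;
import java.io.ObjectInputFilter;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.io.Serializable;
import java.util.Set;

public class DeserializationFilterDemo {

    // Constructed sample types for the demonstration; they are not Web Help Desk classes.
    public static final class TicketRequest implements Serializable {
        private static final long serialVersionUID = 1L;
        final String subject;
        TicketRequest(String subject) { this.subject = subject; }
    }

    public static final class UnexpectedType implements Serializable {
        private static final long serialVersionUID = 1L;
        final String note = "a type nobody put on the denylist";
    }

    static byte[] serialize(Serializable obj) throws IOException {
        ByteArrayOutputStream bytes = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(bytes)) {
            out.writeObject(obj);
        }
        return bytes.toByteArray();
    }

    // Denylist filter: rejects only class names it already knows about (placeholder name).
    // Any class not on the list is left UNDECIDED, which ObjectInputStream treats as accepted.
    static final Set<String> KNOWN_BAD = Set.of("com.example.KnownBadType");
    static final ObjectInputFilter DENYLIST = info -> {
        Class<?> clazz = info.serialClass();
        if (clazz == null) {
            return ObjectInputFilter.Status.UNDECIDED; // depth/size callbacks carry no class
        }
        return KNOWN_BAD.contains(clazz.getName())
                ? ObjectInputFilter.Status.REJECTED
                : ObjectInputFilter.Status.UNDECIDED;
    };

    // Allowlist filter: accepts only the types this endpoint expects and rejects everything else.
    static final Set<Class<?>> EXPECTED = Set.of(TicketRequest.class, String.class);
    static final ObjectInputFilter ALLOWLIST = info -> {
        Class<?> clazz = info.serialClass();
        if (clazz == null) {
            return ObjectInputFilter.Status.UNDECIDED;
        }
        return EXPECTED.contains(clazz)
                ? ObjectInputFilter.Status.ALLOWED
                : ObjectInputFilter.Status.REJECTED;
    };

    // Returns true if the stream deserialized under the filter, false if the filter rejected it.
    static boolean accepts(byte[] data, ObjectInputFilter filter)
            throws IOException, ClassNotFoundException {
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(data))) {
            in.setObjectInputFilter(filter); // must be set before the first readObject()
            in.readObject();
            return true;
        } catch (InvalidClassException rejected) {
            return false;
        }
    }

    public static void main(String[] args) throws Exception {
        byte[] expected = serialize(new TicketRequest("printer jam"));
        byte[] unexpected = serialize(new UnexpectedType());

        System.out.println("denylist  accepts expected type:   " + accepts(expected, DENYLIST));
        System.out.println("denylist  accepts unexpected type: " + accepts(unexpected, DENYLIST));
        System.out.println("allowlist accepts expected type:   " + accepts(expected, ALLOWLIST));
        System.out.println("allowlist accepts unexpected type: " + accepts(unexpected, ALLOWLIST));
    }
}
```

Compile and run with `javac DeserializationFilterDemo.java && java DeserializationFilterDemo`. The denylist admits both streams, because a class name it has never seen comes back UNDECIDED and ObjectInputStream only rejects REJECTED (or null) results; the allowlist admits the first stream and throws InvalidClassException on the second. That is the difference Kuzma's comment gets at: a fix that blocks the one type the last exploit used invites the next bypass, whereas an allowlist of the types the endpoint actually expects addresses the root cause regardless of which type turns up next.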
This entry was posted on March 10, 2026 at 2:39 pm and is filed under Commentary with tags Solarwinds.