{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-15T00:26:05.971","vulnerabilities":[{"cve":{"id":"CVE-2025-40536","sourceIdentifier":"psirt@solarwinds.com","published":"2026-01-28T08:16:01.893","lastModified":"2026-02-13T14:03:55.790","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"SolarWinds Web Help Desk was found to be susceptible to a security control bypass vulnerability that if exploited, could allow an unauthenticated attacker to gain access to certain restricted functionality."},{"lang":"es","value":"SolarWinds Web Help Desk se descubrió que era susceptible a una vulnerabilidad de omisión de control de seguridad que, si se explotaba, podría permitir a un atacante no autenticado obtener acceso a cierta funcionalidad restringida."}],"metrics":{"cvssMetricV31":[{"source":"psirt@solarwinds.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1\/AV:N\/AC:H\/PR:N\/UI:N\/S:U\/C:H\/I:H\/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":5.9},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:H\/I:H\/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"cisaExploitAdd":"2026-02-12","cisaActionDue":"2026-02-15","cisaRequiredAction":"Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.","cisaVulnerabilityName":"SolarWinds Web Help Desk Security Control Bypass Vulnerability","weaknesses":[{"source":"psirt@solarwinds.com","type":"Secondary","description":[{"lang":"en","value":"CWE-693"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:solarwinds:web_help_desk:*:*:*:*:*:*:*:*","versionEndExcluding":"2026.1","matchCriteriaId":"F7CADB33-214C-441A-BB62-64811EBBEB29"}]}]}],"references":[{"url":"https:\/\/documentation.solarwinds.com\/en\/success_center\/whd\/content\/release_notes\/whd_2026-1_release_notes.htm","source":"psirt@solarwinds.com","tags":["Release Notes"]},{"url":"https:\/\/www.solarwinds.com\/trust-center\/security-advisories\/CVE-2025-40536","source":"psirt@solarwinds.com","tags":["Vendor Advisory"]},{"url":"https:\/\/www.cisa.gov\/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-40536","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["US Government Resource"]},{"url":"https:\/\/www.huntress.com\/blog\/active-exploitation-solarwinds-web-help-desk-cve-2025-26399","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Third Party Advisory"]}]}}]}