NVD disclosure day

Published threat advisories for January 28, 2026

CVE-2025-40551

SolarWinds Web Help Desk Remote Code Execution Vulnerability.

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

SolarWinds Web Help Desk is affected by a vulnerability allowing unauthenticated remote code execution. This could enable attackers to run commands on host systems, posing a significant business risk. Organizations should address this threat promptly.

NVD published: January 28, 2026 • CISA KEV

CVE advisoryKnown Exploit

CVE-2025-40536

SolarWinds Web Help Desk: Security Control Bypass Risk

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

SolarWinds Web Help Desk has a security control bypass vulnerability. Attackers can access restricted functions without authentication, posing a risk to organizational data and systems. Affected systems are exposed externally.

NVD published: January 28, 2026 • CISA KEV