A new SolarWinds vulnerability has been exploited.

A newly disclosed SolarWinds Web Help Desk vulnerability, an unauthenticated untrusted‑data deserialization bug, is being actively exploited in the wild. The flaw allows attackers to execute remote code via improperly sanitized AjaxProxy requests. CISA added the vulnerability to its Known Exploited Vulnerabilities catalog and ordered federal agencies to patch it within three days due to its high risk. SolarWinds released WHD version 2026.1 with fixes for this and several other critical issues.

Read more:

https://www.securityweek.com/fresh-solarwinds-vulnerability-exploited-in-attacks/