Ref# ADV2026_140 | Date: Mar 10th 2026

---

SolarWinds published a security advisory highlighting vulnerabilities in the following products on March 9, 2026. It is recommended that you take the necessary precautions by ensuring your products are always updated.

• SolarWinds Web Help Desk – version 12.8.7 and prior

Update 1

On March 9, 2026, Cybersecurity and Infrastructure Security Agency (CISA) added CVE-2025-26399 to their Known Exploited Vulnerabilities (KEV) Database.

For more information on these updates, you can follow these URLs:

• SolarWinds Web Help Desk AjaxProxy Deserialization of Untrusted Data Remote Code Execution Vulnerability (CVE-2025-26399)
• SolarWinds Security Vulnerabilities
• CISA KEV: CVE-2025-26399

The Guyana National CIRT recommends that users and administrators review these updates and apply them where necessary.

PDF Download: Solarwinds Security Advisory_Update_1

References

• SolarWinds Security Advisory (March 9th, 2026). Retrieved from SolarWinds. https://www.solarwinds.com/trust-center/security-advisories
• SolarWinds Security Advisory (March 9th, 2026). Retrieved from SolarWinds. https://www.solarwinds.com/trust-center/security-advisories/cve-2025-26399
• CVE-2025-26399 (March 9th, 2026). Retrieved from America’s Cyber Defense Agency. https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2025-26399

• SolarWinds security advisory. (March 9th, 2026). Retrieved from Canadian Centre for Cyber Security. https://www.cyber.gc.ca/en/alerts-advisories/solarwinds-security-advisory-av26-063-update-1