SolarWinds Web Help Desk Pre-Auth RCE Vulnerability Disclosed

SolarWinds Web Help Desk Pre-Auth RCE Vulnerability Disclosed

First seen 25 Feb 2026, 21:11 UTC Labs.WatchtowrReddit 92% similarity 48.7

Article Content

Browse articles
ThreatCluster

CVE-2024-28988 is a pre-auth deserialization remote code execution vulnerability in SolarWinds Web Help Desk. It was reported through the Zero Day Initiative and disclosed in October 2024, but remained unpatched until September 2025, affecting users of the software. The vulnerability allows unauthorized access to systems using the affected software.

ThreatCluster AI

Timeline

2024-10-01
CVE-2024-28988 disclosed
2025-09-01
CVE-2024-28988 published
2026-02-25
Articles published discussing the vulnerability

Community

Browse all →