CVE-2026-28299
Analyzed Analyzed - Analysis Complete
Denial-of-Service in SolarWinds Web Help Desk

Publication date: 2026-06-02

Last updated on: 2026-06-04

Assigner: SolarWinds

Description
SolarWinds Web Help Desk is found to be affected by a denial-of-service vulnerability, which when exploited, could cause the Web Help Desk server to crash due to insufficient memory.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-06-02
Last Modified
2026-06-04
Generated
2026-06-23
AI Q&A
2026-06-02
EPSS Evaluated
2026-06-21
NVD
CVE-2026-28299
EUVD
EUVD-2026-34017
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
solarwinds web_help_desk to 2026.2 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-770 The product allocates a reusable resource or group of resources on behalf of an actor without imposing any intended restrictions on the size or number of resources that can be allocated.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-28299 is a denial-of-service vulnerability affecting SolarWinds Web Help Desk. When exploited, this vulnerability causes the Web Help Desk server to crash due to insufficient memory.

Impact Analysis

Exploitation of this vulnerability can lead to the Web Help Desk server crashing, resulting in denial of service. This means that users and administrators may experience interruptions or complete unavailability of the Web Help Desk service.

Mitigation Strategies

To mitigate the denial-of-service vulnerability in SolarWinds Web Help Desk, you should upgrade to the WHD 2026.2 release which includes a redesigned interface and removes legacy functionality that may be vulnerable.

Before upgrading, ensure that servlet authentication is replaced with either SAML 2.0 or HTTP Header authentication as the legacy servlet authentication is discontinued.

Additionally, consider enabling FIPS compliance and configuring CA-signed certificates as part of the security enhancements in the new release.

Compliance Impact

The vulnerability in SolarWinds Web Help Desk is a denial-of-service issue that can cause the server to crash due to insufficient memory. While the CVE description and resources do not explicitly mention direct impacts on compliance with standards such as GDPR or HIPAA, a denial-of-service event could potentially disrupt availability, which is a component of these regulations.

The WHD 2026.2 release notes mention enhancements including guidance for enabling FIPS compliance and configuring CA-signed certificates, which are relevant to security standards. However, there is no direct information linking the denial-of-service vulnerability to compliance failures or violations of GDPR, HIPAA, or similar regulations.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-28299. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart