CVE-2026-28299
Denial-of-Service in SolarWinds Web Help Desk
Publication date: 2026-06-02
Last updated on: 2026-06-02
Assigner: SolarWinds
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| solarwinds | web_help_desk | 2026.2 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-770 | The product allocates a reusable resource or group of resources on behalf of an actor without imposing any intended restrictions on the size or number of resources that can be allocated. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-28299 is a denial-of-service vulnerability affecting SolarWinds Web Help Desk. When exploited, this vulnerability causes the Web Help Desk server to crash due to insufficient memory.
How can this vulnerability impact me?
Exploitation of this vulnerability can lead to the Web Help Desk server crashing, resulting in denial of service. This means that users and administrators may experience interruptions or complete unavailability of the Web Help Desk service.
What immediate steps should I take to mitigate this vulnerability?
To mitigate the denial-of-service vulnerability in SolarWinds Web Help Desk, upgrade to the WHD 2026.2 release, which includes a redesigned interface and removes legacy functionality that may be vulnerable.
Before upgrading, replace servlet authentication with either SAML 2.0 or HTTP Header authentication, because legacy servlet authentication is discontinued in that release.
Additionally, consider enabling FIPS compliance and configuring CA-signed certificates as part of the security enhancements in the new release.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The vulnerability in SolarWinds Web Help Desk is a denial-of-service issue that can cause the server to crash due to insufficient memory. While the CVE description and resources do not explicitly mention direct impacts on compliance with standards such as GDPR or HIPAA, a denial-of-service event could disrupt availability, which is a component of those regulations.
The WHD 2026.2 release notes mention enhancements including guidance for enabling FIPS compliance and configuring CA-signed certificates, both of which are relevant to security standards. However, there is no direct information linking this denial-of-service vulnerability to compliance failures or violations of GDPR, HIPAA, or similar regulations.