HIGH | CVE-2026-28299 | CNA: SolarWinds

CVE-2026-28299: SolarWinds Web Help Desk Denial-of-Service Vulnerability

SolarWinds Web Help Desk is found to be affected by a denial-of-service vulnerability, which when exploited, could cause the Web Help Desk server to crash due to insufficient memory.

Metrics

  • CVSS v3.1: 8.2
  • Severity: HIGH
  • Fixed in: (none listed)
  • Affected Products: 1

HarborGuard Analysis

Synopsis

This is a denial-of-service vulnerability in SolarWinds Web Help Desk versions 2026.1 and all prior releases. The vulnerability is reachable over the network without any authentication, making it trivially accessible to any attacker who can reach the service. Successful exploitation crashes the Web Help Desk server by exhausting its available memory, causing a complete service outage. No patched version has been published yet; HarborGuard tracks the upstream advisory and will make a patched-image rebuild available as soon as SolarWinds ships a fix.

HarborGuard Coverage

Detection

Detection capability for CVE-2026-28299 is available across every HarborGuard environment: the CVE is ingested from upstream feeds within minutes of publication and matched against all customer images, including custom-built images that bundle Web Help Desk. Any registry or pipeline image running an affected version will surface this CVE immediately.

Status: Available

Triage

HarborGuard scores this CVE at CVSS 8.2 HIGH (v3.1) and applies per-environment compliance policy weighting to determine urgency and routing. Each affected finding is routed to the appropriate team inbox within the customer org based on configured ownership rules.

Status: Available

Patch

Because no upstream fix version has been published, HarborGuard re-checks the SolarWinds advisory on every ingest cycle and will make a patched-image rebuild available the moment a fix is released. For customers with auto-remediation enabled, the rebuild, regression run, and PR against affected workloads will be triggered automatically at that point.

Status: Pending upstream

Exploit Conditions

  • Network reachability: Required

    The attacker must be able to reach the Web Help Desk service over the network; no local access or special network position is needed beyond basic connectivity to the exposed endpoint.

  • Authentication: Not required

    No credentials or account of any kind are required; the vulnerable code path is reachable by any unauthenticated request.

  • Victim interaction: Not required

    No user action or social engineering is needed; the attacker triggers the crash entirely through their own requests.

  • Attack complexity: Detail

    Exploit complexity is low, meaning the attack is reliable and condition-free with no race conditions or specific environmental state required.

Blast Radius

  • Crashes the Web Help Desk server process, taking the help desk application fully offline for all users.
  • Exhausts server memory, which may affect other processes or services sharing the same host until the server is restarted.
  • Causes loss of availability for any IT support workflows or ticketing operations depending on the Web Help Desk instance.

How HarborGuard Handles This

Available on HarborGuard: detection for CVE-2026-28299 is active now, matching all customer images against the affected version range (Web Help Desk 2026.1 and earlier) on every scan cycle. Because SolarWinds has not yet published a fix, no patched-image rebuild is available at this time. HarborGuard re-checks the upstream advisory on every ingest cycle and will automatically make a rebuild available the moment SolarWinds publishes a patched release. For customers with auto-remediation enabled, the rebuild, regression run, and PR against affected workloads will trigger without manual intervention. In the interim, recommended compensating controls include restricting network access to Web Help Desk instances via network policy or firewall rules to limit the pool of hosts that can reach the service, and monitoring the Web Help Desk process for unexpected restarts as an indicator of active exploitation attempts.

Affected packages
  • SolarWinds / Web Help Desk
    2026.1 and all previous versions
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H