🚨 CRITICAL ALERT: Active Zero-Day Exploits

Summary of immediate threat: Two significant vulnerabilities have been identified, both of which are actively exploited and present severe risks to affected systems. Time is of the essence to mitigate these threats and protect your organization’s infrastructure. Both vulnerabilities have high CVSS scores and are listed in the CISA Known Exploited Vulnerabilities catalog, indicating immediate and widespread danger.

Critical Vulnerabilities (CVSS ≥ 8.0)

• CVE-2025-26399 (CVSS: 9.8): SolarWinds Web Help Desk is vulnerable to an unauthenticated AjaxProxy deserialization remote code execution, potentially allowing attackers to execute arbitrary commands on the host machine. This is a severe risk due to its ability to bypass previously deployed patches. View NVD | CISA KEV
• CVE-2026-1603 (CVSS: 8.6): A critical authentication bypass exists in Ivanti Endpoint Manager (versions prior to 2024 SU5), enabling remote attackers to leak sensitive credential data without requiring authentication. This poses serious risks to data security and unauthorized access. View NVD | CISA KEV

⚡ Immediate Actions Required

Organizations using SolarWinds Web Help Desk must apply urgent security patches and review any unauthorized changes within their systems. Upgrading to the latest version that addresses CVE-2025-26399 is critical. Similarly, enterprises utilizing Ivanti Endpoint Manager should update to version 2024 SU5 or later immediately to plug the authentication bypass gap identified in CVE-2026-1603. Comprehensive security assessments and constant monitoring are recommended to detect and prevent any exploitation attempts promptly.