SolarWinds Web Help Desk contains a critical (CVSS 9.8) unauthenticated remote code execution vulnerability via Java deserialization in the AjaxProxy component. It is listed in CISA KEV with a federal remediation deadline of March 12, 2026. That deadline has already passed as of this rollup date, so any unpatched instance must be treated as potentially compromised. Exploitation grants full host-level command execution and positions the affected system as an initial access vector into broader enterprise infrastructure. Organizations should patch immediately, isolate unpatched instances, and conduct a retrospective hunt for exploitation indicators in AjaxProxy request logs and host process telemetry.
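
One way to structure the retrospective hunt is sketched below as an added example, not vendor or CISA tooling. It correlates AjaxProxy requests in a web access log with command interpreters spawned by a Java parent process shortly afterwards. The log layout, URL path, process names, interpreter list and 30-second window are all assumptions, and the sample data is constructed.

```python
import re
from datetime import datetime, timedelta

# Constructed samples: paths, addresses and process names are placeholders,
# not real Web Help Desk artifacts. Adapt the parsing to your own log formats.
ACCESS_LOG = '''\
10.0.0.5 - - [14/Mar/2026:09:12:01 +0000] "GET /app/login HTTP/1.1" 200 5120
203.0.113.7 - - [14/Mar/2026:09:13:40 +0000] "POST /app/AjaxProxy HTTP/1.1" 500 312
10.0.0.9 - - [14/Mar/2026:10:02:11 +0000] "POST /app/AjaxProxy HTTP/1.1" 200 88
'''
PROC_EVENTS = [
    {"ts": "2026-03-14T09:13:42+00:00", "parent": "java.exe", "child": "cmd.exe"},
    {"ts": "2026-03-14T11:30:00+00:00", "parent": "explorer.exe", "child": "cmd.exe"},
]

# Common/combined access log prefix: client, ident, user, [time], "METHOD URI PROTO", status, size
LINE = re.compile(r'(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) \S+')
SHELLS = {"cmd.exe", "powershell.exe", "sh", "bash"}  # assumed interpreter list

def ajaxproxy_requests(log_text):
    """Yield (time, client, method, status) for every request whose URI names AjaxProxy."""
    for line in log_text.splitlines():
        m = LINE.match(line)
        if m and "ajaxproxy" in m.group(4).lower():
            ts = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z")
            yield ts, m.group(1), m.group(3), int(m.group(5))

def hunt(log_text, proc_events, window_s=30):
    """Flag AjaxProxy hits; raise severity when a Java parent spawns a shell soon after."""
    window = timedelta(seconds=window_s)
    findings = []
    for ts, client, method, status in ajaxproxy_requests(log_text):
        spawned = [
            e["child"] for e in proc_events
            if "java" in e["parent"].lower()
            and e["child"].lower() in SHELLS
            and timedelta(0) <= datetime.fromisoformat(e["ts"]) - ts <= window
        ]
        findings.append({
            "time": ts.isoformat(), "client": client, "method": method,
            "status": status, "spawned": spawned,
            "severity": "high" if spawned else "review",
        })
    return findings

if __name__ == "__main__":
    for finding in hunt(ACCESS_LOG, PROC_EVENTS):
        print(finding)
```

Every AjaxProxy hit on an instance that was unpatched at the time is returned for review. A correlated shell spawn only raises its priority and does not rule the others out.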