CISA Warns of Active Exploitation in SolarWinds Help Desk Software Vulnerability


The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical vulnerability in SolarWinds Web Help Desk (WHD) software, tracked as CVE-2024-28987 with a CVSS score of 9.1, to its Known Exploited Vulnerabilities (KEV) catalog due to evidence of active exploitation. This flaw involves hard-coded credentials that allow unauthorized, remote access to modify sensitive help desk ticket information. Details were initially disclosed by SolarWinds in August 2024, with further specifics from cybersecurity firm Horizon3.ai. Federal Civilian Executive Branch agencies are mandated to implement the latest fixes by November 5, 2024, to protect their networks.
