Documentation forWeb Help Desk
Thinking of upgrading to the cloud? Learn more about migrating from Web Help Desk to Service Desk.

WHD 2026.2 release notes

Release date: June 2, 2026

Here's what's new in WHD 2026.2. You can find the applicable system requirements here.

To view release notes, system requirements, and product guide PDFs for supported versions of WHD, see WHD previous versions. To view release notes for multiple versions and multiple SolarWinds Platform products on a single page, see the release notes aggregator.

Attention WHD customers

WHD 2026.2 completes the migration of Web Help Desk to its completely redesigned modern interface. WHD 2026.2 delivers the fully migrated application — including the complete tech Interface, all administration and setup screens, and every feature from the classic application.

The classic interface is no longer available. All functionality is provided through the modern interface.

Servlet authentication is no longer available. Before upgrading to WHD 2026.2, review your current authentication method under Setup > General > Authentication. If set to Servlet authentication, plan your migration to SAML 2.0 or HTTP Header authentication prior to upgrade. Verify SSO functionality in the new environment before decommissioning your legacy instance. See Servlet authentication is not supported for more.

To enable FIPs and to provide a CA-signed certificate for WHD 2026.2, see the instructions in the FIPS and CA-signed Certificate Setup Guide for WHD 2026.2.

New features and improvements in WHD

Completely redesigned modern interface

WHD 2026.2 features a completely redesigned user interface across 120+ screens, delivering a faster, cleaner, and more intuitive experience for both technicians and administrators. The new design improves navigation, readability, and overall usability while preserving every capability from the classic interface.

Interactive tech dashboard

A new customizable dashboard gives technicians an at-a-glance view of their workload:

  • Configurable chart widgets (bar and pie charts) for ticket metrics — by alert level, status, priority, alert condition, and request type

  • Live ticket activity feed showing recent updates across your assignments

  • Drag-and-drop layout with resizable widgets — arrange the dashboard for the way you work

  • Widget drawer for quickly adding or removing widgets

  • Saved search queries as dashboard widgets

Rich text editor with @mention

Techs now have access to a full-featured rich text editor for ticket notes and correspondence:

  • Format text using bold, italics, underline, strikethrough, headings, blockquotes, lists, and tables

  • Upload images, embed media, and attach files

  • Type @ to reference and notify technicians directly within notes

  • Add emojis, insert links, and customize fonts and colors

Multi-tab interface for admins and technicians

WHD 2026.2 introduces a multi-tab interface that allows administrators and technicians to open and work with multiple tickets simultaneously within a single browser window. This addresses one of the most requested improvements from the classic interface, where the single-tab constraint made it difficult to cross-reference related tickets or manage complex workflows.

Key capabilities include:

  • Tabbed navigation: Open multiple tickets, screens, or configuration pages as tabs within the same browser window, enabling efficient side-by-side work

  • Persistent sessions: Open tabs are retained across page refreshes, so your working context is never lost

  • Quick ticket referencing: Easily cross-reference and correlate information between related tickets without navigating back and forth

  • Improved multitasking: Handle interrelated issues, incident linking, and escalation workflows more efficiently with concurrent ticket access

Benefits include:

  • Faster ticket resolution times through improved contextual visibility

  • Reduced navigation overhead — no more switching back and forth between screens

  • Smoother handling of complex workflows involving multiple related tickets

SAML and CAS single sign-on

Full single sign-on support is now available in the modern interface:

  • SAML 2.0: Configure your identity provider (such as Okta, Azure AD, or ADFS) for seamless technician and client login. See Deploy SSO with SAML.

  • CAS: Central Authentication Service integration for organizations using CAS infrastructure. See Deploy SSO with CAS 2.0.

  • SSO configuration through the admin UI, including sign-in URL and certificate management

Improved architecture and security

WHD 2026.2 introduces significant improvements to the underlying architecture that enhance security, performance, and ease of administration.

New reverse proxy for better security and performance

WHD now uses Caddy, a modern, high-performance HTTP server as its front-end entry point. This replaces the bundled Tomcat server used in previous versions and delivers several benefits:

Benefit What this means for you

Faster page loads

Support for HTTP/2 and HTTP/3 means pages and assets load significantly faster on modern browsers.

Stronger default security

Industry-standard security headers are applied to every response automatically — protecting against clickjacking, MIME sniffing, and other common attacks.

Automatic compression

All responses are compressed using modern algorithms, reducing bandwidth usage and improving load times.

Built-in health monitoring

WHD actively monitors the health of its services and responds immediately if a component becomes unavailable.

Simpler SSL setup

SSL/TLS certificates use standard PEM files instead of Java Keystores. Keytool commands are no longer needed.

Smaller footprint

The HTTP server uses significantly less memory and starts almost instantly compared to the previous version.

Automatic HTTPS redirect

HTTP requests are automatically redirected to HTTPS. No additional configuration is needed.

The following certificate options are available:

  • Self-signed certificate: Generated automatically during installation for immediate HTTPS access

  • Your own certificate: Upload your organization's certificate and private key through the admin user interface

  • Automatic certificates: For internet-facing installations, WHD can automatically obtain and renew free certificates from Let's Encrypt

Security enhancements

WHD 2026.2 includes the following security improvements:

  • TLS 1.2 and TLS 1.3 only. Older, less secure protocol versions are no longer supported.

  • Strong cipher suites. Only modern, recommended cipher suites are enabled by default.

  • Security headers on every response. HSTS, content type protection, clickjacking prevention, and referrer control headers are applied automatically.

  • No server identification. Software version information is removed from responses to minimize information disclosure.

  • Internal services are not network-accessible. Only the HTTPS entry point is exposed. All other services are restricted to the local machine.

  • Smart static asset caching. Frequently accessed assets like images and scripts are cached efficiently, reducing server load while ensuring updated content is always delivered.

Service architecture

WHD 2026.2 runs as three managed services on your server, all installed and configured automatically.

Service Purpose
WHD HTTP server Handles all incoming web traffic, SSL/TLS encryption, and routes requests to the appropriate service
WHD backend Processes business logic, database operations, and authentication
WHD frontend Renders the web interface and serves it to your browser

All three services start automatically when the server boots, and they restart automatically on failure. You can manage them using your operating system's standard service tools (Windows Services, systemctl on Linux, or launchctl on macOS).

Support for Windows Server 2025

WHD 2026.2 now supports Windows Server 2025.

Fixed CVEs

At SolarWinds, we prioritize the swift resolution of CVEs to ensure the security and integrity of our software. In this release, we have successfully addressed the following CVEs.

SolarWinds CVEs

SolarWinds would like to thank our Security Researchers below for reporting on the issue in a responsible manner and working with our security, product, and engineering teams to fix the vulnerability.

CVE-ID Vulnerability Title Description Severity Credit
CVE-2026-28299 SolarWinds Web Help Desk Denial-of-Service Vulnerability SolarWinds Web Help Desk is found to be affected by a denial-of-service vulnerability, which when exploited, could cause the Web Help Desk server to crash due to insufficient memory. 8.2 High Tenable

Third-party CVEs

CVE-ID Vulnerability title Description Severity
CVE-2025-12762 pgAdmin4 Remote Code Execution (RCE) Vulnerability pgAdmin versions up to 9.9 are affected by a Remote Code Execution (RCE) vulnerability that occurs when running in server mode and performing restores from PLAIN-format dump files. This issue allows attackers to inject and execute arbitrary commands on the server hosting pgAdmin, posing a critical risk to the integrity and security of the database management system and underlying data. 9.8 Critical
CVE-2025-12763 pgAdmin4 Command Injection Vulnerability pgAdmin 4 versions up to 9.9 are affected by a command injection vulnerability on Windows systems. This issue is caused by the use of shell=True during backup and restore operations, enabling attackers to execute arbitrary system commands by providing specially crafted file path input. 8.8 High
CVE-2025-13780 pgAdmin4 Remote Code Execution (RCE) Vulnerability pgAdmin versions up to 9.10 are affected by a Remote Code Execution (RCE) vulnerability that occurs when running in server mode and performing restores from PLAIN-format dump files. This issue allows attackers to inject and execute arbitrary commands on the server hosting pgAdmin, posing a critical risk to the integrity and security of the database management system and underlying data. 8.8 High
CVE-2025-9636 pgAdmin4 Cross-Origin Opener Policy (COOP) Vulnerability pgAdmin <= 9.7 is affected by a Cross-Origin Opener Policy (COOP) vulnerability. This vulnerability allows an attacker to manipulate the OAuth flow, potentially leading to unauthorised account access, account takeover, data breaches, and privilege escalation. 7.9 High
CVE-2025-12764 pgAdmin4 LDAP Injection Vulnerability pgAdmin <= 9.9 is affected by an LDAP injection vulnerability in the LDAP authentication flow that allows an attacker to inject special LDAP characters in the username, causing the DC/LDAP server and the client to process an unusual amount of data DOS. 7.5 High
CVE-2025-12765 pgAdmin4 LDAP Authentication TLS Validation Bypass Vulnerability pgAdmin <= 9.9 is affected by a vulnerability in the LDAP authentication mechanism allows bypassing TLS certificate verification. 7.4 High

Installation instructions

For new installations, you can download the installer from the SolarWinds website or from the Customer Portal. For more information, see the WHD Installation and Upgrade Guide.

For upgrades, if you are upgrading from a version earlier than 2026.1, first upgrade to 2026.1 and verify WHD functionality. Then upgrade to version 2026.2.

See Upgrade WHD for supported upgrade paths.

Uninstallation instructions

If you install WHD 2026.2 and you would like to revert to a previous version, take the following steps:

  1. Uninstall WHD 2026.2.

  2. Install your previous version.

  3. If using FIPS, follow the instructions for enabling FIPS.

Known issues

The WHD REST API is unavailable

The Web Help Desk REST API is not available with version 2026.2.

Resolution or workaround: The API will be available in a future version.

Servlet authentication is not supported

Servlet authentication is not supported in WHD 2026.2.

Recommended alternative: Customers requiring single sign-on should migrated to SAML 2.0, which provides a standards-based, fully supported SSO experience with identity providers such as AD FS, Okta, Azure AD, and others. For environments using HTTP-based pre-authentication (for example, reverse proxy with Kerberos/NTLM), the HTTP Header authentication method remains available.

Previous method Recommended migration path
WAFFLE SSO (Negotiate/NTLM) SAML 2.0 with AD FS, Azure AD, Okta, or another IdP that supports Integrated Windows Authentication (IWA)
CAC authentication via WAFFLE SAML 2.0 with a CAC-aware IdP, or HTTP Header authentication behind a reverse proxy performing certificate-based pre-authentication

Servlet authentication is no longer available. Before upgrading to WHD 2026.2, review your current authentication method under Setup > General > Authentication. If set to Servlet authentication, plan your migration to SAML 2.0 or HTTP Header authentication prior to upgrade. Verify SSO functionality in the new environment before decommissioning your legacy instance.

High availability deployments are not supported

In previous versions, high availability WHD deployments were configured using a multi-instance Tomcat deployment. That option is not available in WHD 2026.2.

Resolution or workaround: High availability deployments will be available in a future version.

Embedded database behavior in WHD

Database behavior varies based on whether you upgrade to WHD 2026.2 with an embedded database or have a fresh installation.

  • Upgrade scenario: During a WHD upgrade with an embedded database, a backup is automatically created under the location specified in Setup > General > Database > Backup folder.

    Resolution or workaround: The backup file will be available at the default path <WebHelpDesk>\pgsql13\Backups. You can choose a custom backup location if required.

  • Fresh installation: In a fresh installation of WHD 2026.2, clicking Backup now does not create a backup.

    Resolution or workaround: Open pgAdmin and manually create the backup.

Legal notices

© 2026 SolarWinds Worldwide, LLC. All rights reserved.

This document may not be reproduced by any means nor modified, decompiled, disassembled, published or distributed, in whole or in part, or translated to any electronic medium or other means without the prior written consent of SolarWinds. All right, title, and interest in and to the software, services, and documentation are and shall remain the exclusive property of SolarWinds, its affiliates, and/or its respective licensors.

SOLARWINDS DISCLAIMS ALL WARRANTIES, CONDITIONS, OR OTHER TERMS, EXPRESS OR IMPLIED, STATUTORY OR OTHERWISE, ON THE DOCUMENTATION, INCLUDING WITHOUT LIMITATION NONINFRINGEMENT, ACCURACY, COMPLETENESS, OR USEFULNESS OF ANY INFORMATION CONTAINED HEREIN. IN NO EVENT SHALL SOLARWINDS, ITS SUPPLIERS, NOR ITS LICENSORS BE LIABLE FOR ANY DAMAGES, WHETHER ARISING IN TORT, CONTRACT OR ANY OTHER LEGAL THEORY, EVEN IF SOLARWINDS HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

The SolarWinds, SolarWinds & Design, Orion, and THWACK trademarks are the exclusive property of SolarWinds Worldwide, LLC or its affiliates, are registered with the U.S. Patent and Trademark Office, and may be registered or pending registration in other countries. All other SolarWinds trademarks, service marks, and logos may be common law marks or are registered or pending registration. All other trademarks mentioned herein are used for identification purposes only and are trademarks of (and may be registered trademarks) of their respective companies.