# WarLock's Exploited Vulnerabilities
> [!NOTE]
> This is the list of vulnerabilities that have been observed during intrusions that lead to WarLock ransomware deployment or data exfiltration and leaks published to WarLock's Tor Site

### `SmarterTools`
| Product | CVE(s) | Ransomware Group(s) | Source(s) |
|---|---|---|---|
| SmarterMail | CVE-2026-23760 | Storm-2603 (Warlock) | [reliaquest.com](https://reliaquest.com/blog/threat-spotlight-storm-2603-exploits-CVE-2026-23760-to-stage-warlock-ransomware/) |

### `SolarWinds`
| Product | CVE(s) | Ransomware Group(s) | Source(s) |
|---|---|---|---|
| SolarWinds Web Help Desk | CVE-2025-40551 | Storm-2603 (Warlock) | [linkedin.com](https://www.linkedin.com/pulse/pulling-back-curtain-warlocks-next-act-blacklotuslabs-lduze/) |

### `CentreStack`
| Product | CVE(s) | Ransomware Group(s) | Source(s) |
|---|---|---|---|
| Gladinet CentreStack | CVE-2025-14611 | Storm-2603 (Warlock) | [linkedin.com](https://www.linkedin.com/pulse/pulling-back-curtain-warlocks-next-act-blacklotuslabs-lduze/) |

### `MS Server Products`
| Product | CVE(s) | Ransomware Group(s) | Source(s) |
|---|---|---|---|
| SharePoint Server | CVE-2025-49706, CVE-2025-49704 ("ToolShell") | Storm-2603 (Warlock) | [microsoft.com](https://www.microsoft.com/en-us/security/blog/2025/07/22/disrupting-active-exploitation-of-on-premises-sharepoint-vulnerabilities/#storm-2603) |

---

#### Sources
| Date Published | Report |
|---|---|
| 9 February 2026 | https://reliaquest.com/blog/threat-spotlight-storm-2603-exploits-CVE-2026-23760-to-stage-warlock-ransomware/ |
| 10 February 2026 | https://www.linkedin.com/pulse/pulling-back-curtain-warlocks-next-act-blacklotuslabs-lduze/ |
| 22 July 2025 | https://www.microsoft.com/en-us/security/blog/2025/07/22/disrupting-active-exploitation-of-on-premises-sharepoint-vulnerabilities/#storm-2603 |