SolarWinds security patch release for CVE-2025-26399
Security Patch Release
Summary
SolarWinds released hot fixes for Web Help Desk to close CVE-2025-26399, a critical remote code execution flaw that could let attackers run commands on affected servers. The issue affects Web Help Desk 12.8.7 and all earlier versions. SolarWinds said the bug is an unauthenticated AjaxProxy deserialization problem, and advised upgrading to 12.8.7 HF1. There is no evidence of exploitation in the wild so far.
Cases
Related Happenings
Ivanti security patch release for CVE-2026-8043
Security Patch Release
First: 18.05.2026 13:54
Last: 18.05.2026 13:54
Sources 1
About this happening:
**Ivanti, Fortinet, SAP, Broadcom, and n8n** released **security fixes** on **2026-05-18** for flaws that could enable **authentication bypass**, **remote code execution**, **SQL...
CPanel security patch release for CVE-2026-29201
Security Patch Release
First: 09.05.2026 10:16
Last: 09.05.2026 10:16
Sources 1
About this happening:
**cPanel** released updates for **cPanel and Web Host Manager (WHM)** to fix **three vulnerabilities** that could enable **privilege escalation**, **code execution**, or **denial-...
Google security patch release for CVE-2026-5858
Security Patch Release
First: 10.04.2026 13:44
Last: 10.04.2026 13:44
Sources 1
About this happening:
**Google** released the first stable **Chrome 147** build, closing **60 vulnerabilities** and raising the browser’s baseline security ahead of broader deployment. The patch bundle...
Fortinet FortiClient EMS emergency patch release (CVE-2026-35616, CVE-2026-21643)
Security Patch Release
First: 07.04.2026 12:26
Last: 07.04.2026 12:26
Sources 1
About this happening:
**Fortinet** released an **emergency hotfix** for **FortiClient Enterprise Management Server (EMS)** after confirming **active exploitation** of **CVE-2026-35616**, a critical fla...
Citrix security patch release for CVE-2026-3055
Security Patch Release
First: 24.03.2026 07:59
Last: 24.03.2026 07:59
Sources 1
About this happening:
Citrix's **NetScaler ADC** and **NetScaler Gateway** updates close **CVE-2026-3055** and **CVE-2026-4368**, including a flaw that could leak sensitive memory from configured appli...
Timeline
-
23.09.2025 15:46 2 articles · 8mo ago
SolarWinds releases hot fixes for CVE-2025-26399
Mitigation Patch Update
SolarWinds released hot fixes for SolarWinds Web Help Desk to address CVE-2025-26399, a critical unauthenticated AjaxProxy deserialization remote code execution flaw affecting version 12.8.7 and earlier. The company said the issue could let an attacker run commands on the host machine, and advised upgrading to SolarWinds Web Help Desk 12.8.7 HF1.
Sources:
- SolarWinds Releases Hotfix for Critical CVE-2025-26399 Remote Code Execution Flaw — thehackernews.com — 23.09.2025 15:46
- SolarWinds releases third patch to fix Web Help Desk RCE bug — www.bleepingcomputer.com — 23.09.2025 16:41
-
23.09.2025 15:46 2 articles · 8mo ago
SolarWinds details CVE-2025-26399 patch bypass and discovery
Technical Analysis Update
SolarWinds characterized CVE-2025-26399 as a CVSS 9.8 deserialization vulnerability that is a patch bypass for CVE-2024-28988 and CVE-2024-28986, with the original bug first addressed in August 2024. An anonymous researcher working with Trend Micro Zero Day Initiative (ZDI) was credited with discovering and reporting the flaw, and SolarWinds said there was no evidence of exploitation in the wild.
Sources:
- SolarWinds Releases Hotfix for Critical CVE-2025-26399 Remote Code Execution Flaw — thehackernews.com — 23.09.2025 15:46
- SolarWinds releases third patch to fix Web Help Desk RCE bug — www.bleepingcomputer.com — 23.09.2025 16:41