Find notable cyber news and cases, enriched with sources, timelines, and signals.

SolarWinds security patch release for CVE-2025-40552

Security Patch Release
First reported
Last updated
Happening score
H score 89
3 unique sources, 3 articles

Summary

Hide ▲

SolarWinds released security updates for Web Help Desk to fix critical authentication bypass and remote command execution flaws. The bundle covers CVE-2025-40552, CVE-2025-40554, CVE-2025-40553, CVE-2025-40551, and CVE-2025-40537. Some of the bugs can be abused by remote unauthenticated attackers or low-privilege users to run commands or reach administrative functions. Administrators are being told to upgrade vulnerable servers to Web Help Desk 2026.1 as soon as possible.

Related Happenings

JCE Pro 2.9.99.6 patch for CVE-2026-48907

Security Patch Release
H score46 First: 17.06.2026 13:09 Last: 17.06.2026 13:09 Sources 1

About this happening: **JCE security team** released **JCE Pro 2.9.99.6** in **early June 2026** to fix **CVE-2026-48907** in the **Widget Factory Joomla Content Editor (JCE) plugin**. The update addre...

Splunk Enterprise security update for CVE-2026-20253

Security Patch Release
H score52 First: 13.06.2026 16:23 Last: 13.06.2026 16:23 Sources 1

About this happening: **Splunk** released **security updates** for **CVE-2026-20253**, fixing a critical **Splunk Enterprise** flaw that could enable unauthenticated file operations and **remote code e...

Everest Forms Pro plugin patch for CVE-2026-3300

Security Patch Release
H score43 First: 06.06.2026 17:09 Last: 06.06.2026 17:09 Sources 1

About this happening: The **Everest Forms developer** released a patch for **CVE-2026-3300** in **Everest Forms Pro** on **March 18**, closing an **unauthenticated arbitrary code execution** flaw affec...

SolarWinds Serv-U advisory and mitigations for CVE-2026-28318

Advisory/Mitigation
H score52 First: 06.06.2026 11:14 Last: 06.06.2026 11:14 Sources 1

About this happening: **SolarWinds Serv-U** mitigation guidance now covers **CVE-2026-28318**, reducing **unauthenticated DoS** risk from specially crafted POST requests. SolarWinds says the flaw is ad...

SolarWinds security patch release for CVE-2026-28318

Security Patch Release
H score82 First: 05.06.2026 22:15 Last: 05.06.2026 22:15 Sources 1

About this happening: SolarWinds released **Serv-U 15.5.4 Hotfix 1** for **CVE-2026-28318**, an **actively exploited** denial-of-service flaw that can crash exposed **Serv-U** servers. The update fixes...

Timeline

  1. 04.02.2026 12:15 1 articles · 5mo ago

    CISA adds CVE-2025-40551 to KEV Catalog for SolarWinds Web Help Desk

    Legal Policy Action Update

    CISA added CVE-2025-40551 in SolarWinds Web Help Desk to its Known Exploited Vulnerabilities Catalog and warned federal civilian agencies to patch by Friday after the flaw was reported as actively exploited; the issue is a CVSS 9.8 deserialization of untrusted data vulnerability that can lead to remote code execution.

    Show sources
  2. 28.01.2026 16:39 3 articles · 5mo ago

    SolarWinds patches Web Help Desk vulnerabilities

    Mitigation Patch Update

    SolarWinds releases security updates for Web Help Desk, including Web Help Desk 2026.1, to fix critical authentication bypass and remote code execution flaws such as CVE-2025-40552, CVE-2025-40554, CVE-2025-40553, CVE-2025-40551, and CVE-2025-40537. The affected issues can allow remote unauthenticated attackers or low-privilege users to execute commands or reach administrative functions, and administrators are advised to upgrade vulnerable servers as soon as possible.

    Show sources