SolarWinds security patch release for CVE-2025-40552
Security Patch Release
Summary
Hide ▲
Show ▼
SolarWinds released security updates for Web Help Desk to fix critical authentication bypass and remote command execution flaws. The bundle covers CVE-2025-40552, CVE-2025-40554, CVE-2025-40553, CVE-2025-40551, and CVE-2025-40537. Some of the bugs can be abused by remote unauthenticated attackers or low-privilege users to run commands or reach administrative functions. Administrators are being told to upgrade vulnerable servers to Web Help Desk 2026.1 as soon as possible.
Related Happenings
JCE Pro 2.9.99.6 patch for CVE-2026-48907
Security Patch Release
H score46
First: 17.06.2026 13:09
Last: 17.06.2026 13:09
Sources 1
About this happening:
**JCE security team** released **JCE Pro 2.9.99.6** in **early June 2026** to fix **CVE-2026-48907** in the **Widget Factory Joomla Content Editor (JCE) plugin**. The update addre...
JCE Pro 2.9.99.6 patch for CVE-2026-48907
Security Patch ReleaseAbout this happening: **JCE security team** released **JCE Pro 2.9.99.6** in **early June 2026** to fix **CVE-2026-48907** in the **Widget Factory Joomla Content Editor (JCE) plugin**. The update addre...
Splunk Enterprise security update for CVE-2026-20253
Security Patch Release
H score52
First: 13.06.2026 16:23
Last: 13.06.2026 16:23
Sources 1
About this happening:
**Splunk** released **security updates** for **CVE-2026-20253**, fixing a critical **Splunk Enterprise** flaw that could enable unauthenticated file operations and **remote code e...
Splunk Enterprise security update for CVE-2026-20253
Security Patch ReleaseAbout this happening: **Splunk** released **security updates** for **CVE-2026-20253**, fixing a critical **Splunk Enterprise** flaw that could enable unauthenticated file operations and **remote code e...
Everest Forms Pro plugin patch for CVE-2026-3300
Security Patch Release
H score43
First: 06.06.2026 17:09
Last: 06.06.2026 17:09
Sources 1
About this happening:
The **Everest Forms developer** released a patch for **CVE-2026-3300** in **Everest Forms Pro** on **March 18**, closing an **unauthenticated arbitrary code execution** flaw affec...
Everest Forms Pro plugin patch for CVE-2026-3300
Security Patch ReleaseAbout this happening: The **Everest Forms developer** released a patch for **CVE-2026-3300** in **Everest Forms Pro** on **March 18**, closing an **unauthenticated arbitrary code execution** flaw affec...
SolarWinds Serv-U advisory and mitigations for CVE-2026-28318
Advisory/Mitigation
H score52
First: 06.06.2026 11:14
Last: 06.06.2026 11:14
Sources 1
About this happening:
**SolarWinds Serv-U** mitigation guidance now covers **CVE-2026-28318**, reducing **unauthenticated DoS** risk from specially crafted POST requests. SolarWinds says the flaw is ad...
SolarWinds Serv-U advisory and mitigations for CVE-2026-28318
Advisory/MitigationAbout this happening: **SolarWinds Serv-U** mitigation guidance now covers **CVE-2026-28318**, reducing **unauthenticated DoS** risk from specially crafted POST requests. SolarWinds says the flaw is ad...
SolarWinds security patch release for CVE-2026-28318
Security Patch Release
H score82
First: 05.06.2026 22:15
Last: 05.06.2026 22:15
Sources 1
About this happening:
SolarWinds released **Serv-U 15.5.4 Hotfix 1** for **CVE-2026-28318**, an **actively exploited** denial-of-service flaw that can crash exposed **Serv-U** servers. The update fixes...
SolarWinds security patch release for CVE-2026-28318
Security Patch ReleaseAbout this happening: SolarWinds released **Serv-U 15.5.4 Hotfix 1** for **CVE-2026-28318**, an **actively exploited** denial-of-service flaw that can crash exposed **Serv-U** servers. The update fixes...
Timeline
-
04.02.2026 12:15 1 articles · 5mo ago
CISA adds CVE-2025-40551 to KEV Catalog for SolarWinds Web Help Desk
Legal Policy Action UpdateCISA added CVE-2025-40551 in SolarWinds Web Help Desk to its Known Exploited Vulnerabilities Catalog and warned federal civilian agencies to patch by Friday after the flaw was reported as actively exploited; the issue is a CVSS 9.8 deserialization of untrusted data vulnerability that can lead to remote code execution.
Show sources
- SolarWinds Web Help Desk Vulnerability Actively Exploited — www.infosecurity-magazine.com — 04.02.2026 12:15
-
28.01.2026 16:39 3 articles · 5mo ago
SolarWinds patches Web Help Desk vulnerabilities
Mitigation Patch UpdateSolarWinds releases security updates for Web Help Desk, including Web Help Desk 2026.1, to fix critical authentication bypass and remote code execution flaws such as CVE-2025-40552, CVE-2025-40554, CVE-2025-40553, CVE-2025-40551, and CVE-2025-40537. The affected issues can allow remote unauthenticated attackers or low-privilege users to execute commands or reach administrative functions, and administrators are advised to upgrade vulnerable servers as soon as possible.
Show sources
- SolarWinds warns of critical Web Help Desk RCE, auth bypass flaws — www.bleepingcomputer.com — 28.01.2026 16:39
- SolarWinds warns of critical Web Help Desk RCE, auth bypass flaws — www.bleepingcomputer.com — 28.01.2026 16:39
- SolarWinds Fixes Four Critical Web Help Desk Flaws With Unauthenticated RCE and Auth Bypass — thehackernews.com — 29.01.2026 11:00