CISA KEV remediation deadline for SolarWinds WHD CVE-2025-40551
Public Sector Action
Summary
Hide ▲
Show ▼
CISA added CVE-2025-40551 in SolarWinds Web Help Desk to the KEV catalog and imposed federal remediation deadlines, turning a newly exploited flaw into a compliance requirement for FCEB agencies. The vulnerability can enable unauthenticated remote code execution, which raises the risk of compromise across affected government systems. SolarWinds released fixes for the issue in WHD version 2026.1, alongside several related CVEs. FCEB agencies must meet the deadline under BOD 22-01 or remain out of compliance.
Related Happenings
NHS England Digital libssh2 update advisory for CVE-2026-55200
Advisory/Mitigation
H score38
First: 29.06.2026 10:06
Last: 29.06.2026 10:06
Sources 1
About this happening:
**NHS England Digital** has issued an **update advisory** for **libssh2** after a public proof-of-concept surfaced for **CVE-2026-55200**. The flaw can let a **malicious or compro...
NHS England Digital libssh2 update advisory for CVE-2026-55200
Advisory/MitigationAbout this happening: **NHS England Digital** has issued an **update advisory** for **libssh2** after a public proof-of-concept surfaced for **CVE-2026-55200**. The flaw can let a **malicious or compro...
CISA adds CVE-2026-12569 to KEV for PTC Windchill and FlexPLM
Public Sector Action
H score46
First: 26.06.2026 15:31
Last: 26.06.2026 15:31
Sources 1
About this happening:
CISA **added CVE-2026-12569** to the **KEV catalog** after finding **active exploitation** of **PTC Windchill PDMlink** and **PTC FlexPLM**, elevating the flaw to a federal remedi...
CISA adds CVE-2026-12569 to KEV for PTC Windchill and FlexPLM
Public Sector ActionAbout this happening: CISA **added CVE-2026-12569** to the **KEV catalog** after finding **active exploitation** of **PTC Windchill PDMlink** and **PTC FlexPLM**, elevating the flaw to a federal remedi...
Lantronix EDS5000 Series devices code-injection flaw (CVE-2025-67038)
Vulnerability
H score43
First: 24.06.2026 20:19
Last: 24.06.2026 20:19
Sources 1
About this happening:
**CVE-2025-67038** in **Lantronix EDS5000 Series devices** is now under **active exploitation**, creating a **root-level command execution** risk for affected systems. **CISA** to...
Lantronix EDS5000 Series devices code-injection flaw (CVE-2025-67038)
VulnerabilityAbout this happening: **CVE-2025-67038** in **Lantronix EDS5000 Series devices** is now under **active exploitation**, creating a **root-level command execution** risk for affected systems. **CISA** to...
Widget Factory Joomla Content Editor JCE actively exploited improper access control security flaw (CVE-2026-48907)
Vulnerability
H score89
First: 17.06.2026 08:50
Last: 17.06.2026 08:50
Sources 1
About this happening:
The **Widget Factory Joomla Content Editor (JCE)** flaw **CVE-2026-48907** has been added to **CISA's KEV catalog** after evidence of **active exploitation**, putting affected Joo...
Widget Factory Joomla Content Editor JCE actively exploited improper access control security flaw (CVE-2026-48907)
VulnerabilityAbout this happening: The **Widget Factory Joomla Content Editor (JCE)** flaw **CVE-2026-48907** has been added to **CISA's KEV catalog** after evidence of **active exploitation**, putting affected Joo...
SimpleHelp security update for CVE-2026-48558
Security Patch Release
H score65
First: 15.06.2026 23:06
Last: 15.06.2026 23:06
Sources 1
About this happening:
**SimpleHelp** released **5.5.16** and **6.0 RC2** on **June 9** to fix **CVE-2026-48558**, a critical **OIDC** authentication flaw in **SimpleHelp remote management software** th...
SimpleHelp security update for CVE-2026-48558
Security Patch ReleaseAbout this happening: **SimpleHelp** released **5.5.16** and **6.0 RC2** on **June 9** to fix **CVE-2026-48558**, a critical **OIDC** authentication flaw in **SimpleHelp remote management software** th...
Timeline
-
04.02.2026 07:50 2 articles · 5mo ago
CISA adds SolarWinds WHD CVE-2025-40551 to KEV and sets federal deadlines
Legal Policy Action UpdateCISA added CVE-2025-40551 in SolarWinds Web Help Desk to the Known Exploited Vulnerabilities catalog after classifying it as actively exploited, warned that the unauthenticated deserialization flaw could enable remote code execution on the host machine, and required Federal Civilian Executive Branch agencies to remediate CVE-2025-40551 by February 6, 2026 and the remaining WHD fixes by February 24, 2026 under BOD 22-01.
Show sources
- CISA Adds Actively Exploited SolarWinds Web Help Desk RCE to KEV Catalog — thehackernews.com — 04.02.2026 07:50
- CISA Adds Actively Exploited SolarWinds Web Help Desk RCE to KEV Catalog — thehackernews.com — 04.02.2026 07:50