Find notable cyber news and cases, enriched with sources, timelines, and signals.

CISA KEV remediation deadline for SolarWinds WHD CVE-2025-40551

Public Sector Action
First reported
Last updated
Happening score
H score 53
1 unique sources, 1 articles

Summary

Hide ▲

CISA added CVE-2025-40551 in SolarWinds Web Help Desk to the KEV catalog and imposed federal remediation deadlines, turning a newly exploited flaw into a compliance requirement for FCEB agencies. The vulnerability can enable unauthenticated remote code execution, which raises the risk of compromise across affected government systems. SolarWinds released fixes for the issue in WHD version 2026.1, alongside several related CVEs. FCEB agencies must meet the deadline under BOD 22-01 or remain out of compliance.

Related Happenings

NHS England Digital libssh2 update advisory for CVE-2026-55200

Advisory/Mitigation
H score38 First: 29.06.2026 10:06 Last: 29.06.2026 10:06 Sources 1

About this happening: **NHS England Digital** has issued an **update advisory** for **libssh2** after a public proof-of-concept surfaced for **CVE-2026-55200**. The flaw can let a **malicious or compro...

CISA adds CVE-2026-12569 to KEV for PTC Windchill and FlexPLM

Public Sector Action
H score46 First: 26.06.2026 15:31 Last: 26.06.2026 15:31 Sources 1

About this happening: CISA **added CVE-2026-12569** to the **KEV catalog** after finding **active exploitation** of **PTC Windchill PDMlink** and **PTC FlexPLM**, elevating the flaw to a federal remedi...

Lantronix EDS5000 Series devices code-injection flaw (CVE-2025-67038)

Vulnerability
H score43 First: 24.06.2026 20:19 Last: 24.06.2026 20:19 Sources 1

About this happening: **CVE-2025-67038** in **Lantronix EDS5000 Series devices** is now under **active exploitation**, creating a **root-level command execution** risk for affected systems. **CISA** to...

Widget Factory Joomla Content Editor JCE actively exploited improper access control security flaw (CVE-2026-48907)

Vulnerability
H score89 First: 17.06.2026 08:50 Last: 17.06.2026 08:50 Sources 1

About this happening: The **Widget Factory Joomla Content Editor (JCE)** flaw **CVE-2026-48907** has been added to **CISA's KEV catalog** after evidence of **active exploitation**, putting affected Joo...

SimpleHelp security update for CVE-2026-48558

Security Patch Release
H score65 First: 15.06.2026 23:06 Last: 15.06.2026 23:06 Sources 1

About this happening: **SimpleHelp** released **5.5.16** and **6.0 RC2** on **June 9** to fix **CVE-2026-48558**, a critical **OIDC** authentication flaw in **SimpleHelp remote management software** th...

Timeline

  1. 04.02.2026 07:50 2 articles · 5mo ago

    CISA adds SolarWinds WHD CVE-2025-40551 to KEV and sets federal deadlines

    Legal Policy Action Update

    CISA added CVE-2025-40551 in SolarWinds Web Help Desk to the Known Exploited Vulnerabilities catalog after classifying it as actively exploited, warned that the unauthenticated deserialization flaw could enable remote code execution on the host machine, and required Federal Civilian Executive Branch agencies to remediate CVE-2025-40551 by February 6, 2026 and the remaining WHD fixes by February 24, 2026 under BOD 22-01.

    Show sources