SolarWinds security patch release for CVE-2025-40538
Security Patch Release
Summary
Hide ▲
Show ▼
SolarWinds released Serv-U updates that fix four critical flaws in version 15.5, reducing the risk of remote code execution. The patched issues are tracked as CVE-2025-40538 through CVE-2025-40541 and are addressed in Serv-U version 15.5.4.
Related Happenings
FFmpeg 8.1.2 security update (CVE-2026-8461)
Security Patch Release
H score36
First: 23.06.2026 00:05
Last: 23.06.2026 00:05
Sources 1
About this happening:
**FFmpeg** shipped **version 8.1.2** to fix **CVE-2026-8461** in the **MagicYUV decoder**, closing a heap out-of-bounds write that could affect **FFmpeg-based applications**. The...
FFmpeg 8.1.2 security update (CVE-2026-8461)
Security Patch ReleaseAbout this happening: **FFmpeg** shipped **version 8.1.2** to fix **CVE-2026-8461** in the **MagicYUV decoder**, closing a heap out-of-bounds write that could affect **FFmpeg-based applications**. The...
CISA KEV mitigation for LiteSpeed cPanel Plugin (CVE-2026-54420)
Advisory/Mitigation
H score38
First: 16.06.2026 08:41
Last: 16.06.2026 08:41
Sources 1
About this happening:
CISA put **CVE-2026-54420** in **LiteSpeed cPanel Plugin** on the **KEV catalog**, ordering **FCEB agencies** to apply fixes by **June 18, 2026**. The flaw is a **CVSS 8.5 privile...
CISA KEV mitigation for LiteSpeed cPanel Plugin (CVE-2026-54420)
Advisory/MitigationAbout this happening: CISA put **CVE-2026-54420** in **LiteSpeed cPanel Plugin** on the **KEV catalog**, ordering **FCEB agencies** to apply fixes by **June 18, 2026**. The flaw is a **CVSS 8.5 privile...
SimpleHelp security update for CVE-2026-48558
Security Patch Release
H score65
First: 15.06.2026 23:06
Last: 15.06.2026 23:06
Sources 1
About this happening:
**SimpleHelp** released **5.5.16** and **6.0 RC2** on **June 9** to fix **CVE-2026-48558**, a critical **OIDC** authentication flaw in **SimpleHelp remote management software** th...
SimpleHelp security update for CVE-2026-48558
Security Patch ReleaseAbout this happening: **SimpleHelp** released **5.5.16** and **6.0 RC2** on **June 9** to fix **CVE-2026-48558**, a critical **OIDC** authentication flaw in **SimpleHelp remote management software** th...
Langflow security patch release for CVE-2026-5027
Security Patch Release
H score38
First: 11.06.2026 00:23
Last: 11.06.2026 00:23
Sources 1
About this happening:
**Langflow** shipped fixes for **CVE-2026-5027**, closing a **path traversal** flaw that let attackers write arbitrary files on exposed servers. The patch landed in **langflow-bas...
Langflow security patch release for CVE-2026-5027
Security Patch ReleaseAbout this happening: **Langflow** shipped fixes for **CVE-2026-5027**, closing a **path traversal** flaw that let attackers write arbitrary files on exposed servers. The patch landed in **langflow-bas...
SolarWinds Serv-U advisory and mitigations for CVE-2026-28318
Advisory/Mitigation
H score52
First: 06.06.2026 11:14
Last: 06.06.2026 11:14
Sources 1
About this happening:
**SolarWinds Serv-U** mitigation guidance now covers **CVE-2026-28318**, reducing **unauthenticated DoS** risk from specially crafted POST requests. SolarWinds says the flaw is ad...
SolarWinds Serv-U advisory and mitigations for CVE-2026-28318
Advisory/MitigationAbout this happening: **SolarWinds Serv-U** mitigation guidance now covers **CVE-2026-28318**, reducing **unauthenticated DoS** risk from specially crafted POST requests. SolarWinds says the flaw is ad...
Timeline
-
25.02.2026 09:04 2 articles · 4mo ago
SolarWinds issues Serv-U 15.5.4 patch for four critical flaws
Mitigation Patch UpdateSolarWinds released updates for Serv-U file transfer software version 15.5, fixing four critical vulnerabilities tracked as CVE-2025-40538, CVE-2025-40539, CVE-2025-40540, and CVE-2025-40541. The flaws include broken access control, type confusion, and IDOR issues rated CVSS 9.1, and successful exploitation could allow an attacker with administrative privileges to execute arbitrary or native code as root; the issues are addressed in Serv-U version 15.5.4 and no exploitation in the wild was reported.
Show sources
- SolarWinds Patches 4 Critical Serv-U 15.5 Flaws Allowing Root Code Execution — thehackernews.com — 25.02.2026 09:04
- SolarWinds Patches 4 Critical Serv-U 15.5 Flaws Allowing Root Code Execution — thehackernews.com — 25.02.2026 09:04