SolarWinds security advisory (AV26-549) - Update 1

Serial number: AV26-549
Date: June 4, 2026
Updated: June 5, 2026

Between June 2 and 3, 2026, SolarWinds published security advisories to address vulnerabilities in the following products:

• SolarWinds Serv-U – versions prior to 15.5.4 HF1
• SolarWinds Web Help Desk – versions prior to 2026.2

Update 1

On June 5, 2026, Cybersecurity and Infrastructure Security Agency (CISA) added CVE-2026-28318 to their Known Exploited Vulnerabilities (KEV) Database.

The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates.

• SolarWinds Web Help Desk Denial-of-Service Vulnerability (CVE-2026-28299)
• SolarWinds Serv-U Unauthenticated Denial of Service Vulnerability (CVE-2026-28318)
• SolarWinds Security Vulnerabilities
• CISA KEV: CVE-2026-28318