January 21, 2026: Tenable requests contact from SolarWinds. SolarWinds provides a link to a web page that has their PGP key. Tenable advises SolarWinds that the key appears to be expired. SolarWinds advises to send the advisory unencrypted.
January 22, 2026: Tenable sends the report. SolarWinds sends a path to upload the PoC file, Tenable uploads.
January 23, 2026: SolarWinds acknowledges they have received the PoC and are reviewing.
January 28, 2026: Tenable notices a 2026.1 release and asks SolarWinds if this bug was fixed in that release.
February 10, 2026: SolarWinds replies confirming the vulnerability and opens a new ticket.
February 25, 2026: Tenable asks SolarWinds for an update and realizes we cannot reply to the new ticket.
February 25, 2026: SolarWinds provides a new email thread and advises they are planning to fix this in the next release but do not currently have a date.
March 23, 2026: Tenable requests status update.
March 23, 2026: SolarWinds replies that they are targeting a 4/21 release date.
March 26, 2026: Tenable acknowledges, requests CVEs.
March 26, 2026: SolarWinds replies with information around publication.
April 2, 2026: Tenable replies and asks for a status update.
April 8, 2026: SolarWinds replies that they are having functional issues with the release and need to move the release date.
April 15, 2026: Tenable replies asking for expected release date.
April 24, 2026: SolarWinds asks to meet.
April 29, 2026: Tenable sends some times to meet.
May 1, 2026: Tenable and SolarWinds meet.
May 13, 2026: SolarWinds asks Tenable for an update.
May 14, 2026: Tenable responds that due to the extenuating circumstances, we can extend. Tenable asks for continued regular updates.
May 15, 2026: SolarWinds replies that they are on track.
May 29, 2026: SolarWinds replies that they are delayed until early June.
June 2, 2026: SolarWinds lets Tenable know that 2026.2 was released today.
