In-the-wild exploitation of the vulnerability should prompt federal agencies to apply remediations by Sep. 5, according to the CISA advisory. Such a warning comes a day after a hotfix was released by SolarWinds, which has not yet reported active targeting of the security issue at the time."While it was reported as an unauthenticated vulnerability, SolarWinds has been unable to reproduce it without authentication after thorough testing. However, out of an abundance of caution, we recommend all Web Help Desk customers apply the patch, which is now available," noted SolarWinds, which committed to providing an updated patch to address the bug soon. SolarWinds has been reported to have fixed 13 RCE flaws impacting its Access Rights Manager software so far this year.