ARM 2026.2 release notes
Release date: April 21, 2026
Here's what's new in ARM 2026.2. You can find the applicable system requirements here.
To view release notes, system requirements, and product guide PDFs for supported versions of ARM, see ARM previous versions. To view release notes for multiple versions
Attention ARM customers
ARM server and collectors no longer work with Windows Server 2012 or earlier due to the newly required cipher suites.
New features and improvements in ARM
RabitMQ library upgrade
ARM 2026.2 upgrades the RabitMQ library to 4.0.3.
Active Directory Scan in the ARM Web Client
Use the AD Scan feature directly in the ARM Web Client. Click Scan > Scan Configuration to open the Available Scan Types. Click Active Directory to complete the wizard and add an AD Scan.
General improvements
-
ARM 2026.2 adds support Search UnifiedAuditLog cmdlet for ExchangeOnline Logga
- ARM 2026.2 adds filter action handling support for ExchangeLogga
Fixed CVEs
At SolarWinds, we prioritize the swift resolution of CVEs to ensure the security and integrity of our software. In this release, we have successfully addressed the following CVEs.
Third-party CVEs
SolarWinds would like to thank our Security Researchers below for reporting on the issue in a responsible manner and working with our security, product, and engineering teams to fix the vulnerability.
| CVE-ID | Vulnerability title | Description | Severity |
|---|---|---|---|
| CVE-2025-30219 | RabbitMQ Arbitrary JavaScript Code Execution Vulnerability | RabbitMQ is a messaging and streaming broker. Versions prior to 4.0.3 are vulnerable to a sophisticated attack that could modify virtual host name on disk and then make it unrecoverable (with other on disk file modifications) can lead to arbitrary JavaScript code execution in the browsers of management UI users. When a virtual host on a RabbitMQ node fails to start, recent versions will display an error message (a notification) in the management UI. The error message includes virtual host name, which was not escaped prior to open source RabbitMQ 4.0.3 and Tanzu RabbitMQ 4.0.3, 3.13.8. An attack that both makes a virtual host fail to start and creates a new virtual host name with an XSS code snippet or changes the name of an existing virtual host on disk could trigger arbitrary JavaScript code execution in the management UI (the user's browser). Open source RabbitMQ `4.0.3` and Tanzu RabbitMQ `4.0.3` and `3.13.8` patch the issue. | 6.1 Medium |
Fixed customer issues
| Case number | Description |
|---|---|
| 02041328 |
Assigning multiple permissions to users from data owners works as expected in the ARM Web Client. |
| 02022248 |
The Reset email notification in the ARM Web Client displays as expected. |
| 02015666 |
The Alternate email field appears in the ARM Web Client console password change screen. |
| 01972858 |
Exchange Online Logga monitoring works as expected. |
| 01910592 |
FS Logga cluster stays on after being activated. |
| 01782321 |
SAM account names can be modified in the editor. |
| 01558114 |
The Action authors list appears when trying to set filters for Exchange Online Logga. |
Installation or upgrade
For new installations, you can download the installation file from the product page on https://www.solarwinds.com or from the Customer Portal. For more information, see the ARM Installation and Upgrade Guide.
-
ARM and SolarWinds Platform products must be installed on separate servers. ARM is not a SolarWinds Platform product.
-
If you are on a version earlier than ARM 2023.2.4, first upgrade to 2023.2.4 and then upgrade to the current version.
If you are upgrading from a previous version, see Upgrade ARM in the ARM Installation and Upgrade Guide for instructions.
Legal notices
© 2026 SolarWinds Worldwide, LLC. All rights reserved.
This document may not be reproduced by any means nor modified, decompiled, disassembled, published or distributed, in whole or in part, or translated to any electronic medium or other means without the prior written consent of SolarWinds. All right, title, and interest in and to the software, services, and documentation are and shall remain the exclusive property of SolarWinds, its affiliates, and/or its respective licensors.
SOLARWINDS DISCLAIMS ALL WARRANTIES, CONDITIONS, OR OTHER TERMS, EXPRESS OR IMPLIED, STATUTORY OR OTHERWISE, ON THE DOCUMENTATION, INCLUDING WITHOUT LIMITATION NONINFRINGEMENT, ACCURACY, COMPLETENESS, OR USEFULNESS OF ANY INFORMATION CONTAINED HEREIN. IN NO EVENT SHALL SOLARWINDS, ITS SUPPLIERS, NOR ITS LICENSORS BE LIABLE FOR ANY DAMAGES, WHETHER ARISING IN TORT, CONTRACT OR ANY OTHER LEGAL THEORY, EVEN IF SOLARWINDS HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
The SolarWinds, SolarWinds & Design, Orion, and THWACK trademarks are the exclusive property of SolarWinds Worldwide, LLC or its affiliates, are registered with the U.S. Patent and Trademark Office, and may be registered or pending registration in other countries. All other SolarWinds trademarks, service marks, and logos may be common law marks or are registered or pending registration. All other trademarks mentioned herein are used for identification purposes only and are trademarks of (and may be registered trademarks) of their respective companies.