Shai-Hulud 2.0 Supply Chain Attack

Last Updated: Friday November 28, 2025 5:00 p.m. EST

Active – Investigation Ongoing

Solace Reference #: DATAGO-118512, SOL-144344

Solace is aware of the recently-reported Shai-Hulud 2.0 Supply Chain Attack and is actively investigating our exposure.

Investigation into the following Solace products is complete and they are not impacted by this attack:

• Event Broker

• Solace Cloud

• All Messaging APIs, OTELs, and sdkperfs

• Schema Registry and SERDEs

• All Connectors and Micro-Integrations

• Agent Mesh

• Resource Calculator

• Cache
• Quickstart Guides
• SolGeneos
• ASAPIO (partner product)

Solace is continuing to investigate the remainder of our product portfolio and the investigations into the following products are ongoing. To date, no impact to these products has been detected.

• PubSub+ Monitor

• Adaptris Interlok (partner product)

Solace will update this page as more information becomes available.

Change History

Friday November 28, 2025 10:00 a.m. EST – Added initial list of unaffected products and products still under investigation
Friday November 28, 2025 2:00 p.m. EST – Moved Agent Mesh to list of unaffected products
Friday November 28, 2025 2:30 p.m. EST – Moved Solace Cloud to list of unaffected products
Friday November 28, 2025 5:00 p.m. EST – Moved Quickstart Guides to list of unaffected products