CISA Warns of SolarWinds Serv-U Vulnerability Exploited in Attacks
Cybersecurity NewsArchived Jun 06, 2026✓ Full text saved
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical SolarWinds Serv-U vulnerability to its Known Exploited Vulnerabilities (KEV) catalog, warning that threat actors are actively exploiting the flaw in the wild. Tracked as CVE-2026-28318, the vulnerability affects SolarWinds Serv-U file transfer software and enables unauthenticated attackers to crash the service through specially […] The post CISA Warns of SolarWinds Serv-U Vulnerability Exploited in Attacks appe
Full text archived locally
✦ AI Summary· Claude Sonnet
HomeCyber Security News
CISA Warns of SolarWinds Serv-U Vulnerability Exploited in Attacks
By Guru Baran
June 6, 2026
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical SolarWinds Serv-U vulnerability to its Known Exploited Vulnerabilities (KEV) catalog, warning that threat actors are actively exploiting the flaw in the wild.
Tracked as CVE-2026-28318, the vulnerability affects SolarWinds Serv-U file transfer software and enables unauthenticated attackers to crash the service through specially crafted HTTP requests.
CVE-2026-28318 is classified as an Uncontrolled Resource Consumption flaw (CWE-400), a vulnerability class where an application fails to properly limit the resources it allocates in response to incoming input.
In this case, an attacker can send a malicious POST request using the Content-Encoding: deflate HTTP header, forcing the Serv-U service to consume excessive resources and crash without requiring any authentication credentials.
The attack vector is particularly alarming because it requires zero privileges and can be triggered remotely over the network. This makes it an attractive initial-access vector for threat actors targeting organizations that expose Serv-U services to the internet.
CISA added CVE-2026-28318 to the KEV catalog on June 5, 2026, setting a remediation deadline of June 19, 2026 for all Federal Civilian Executive Branch (FCEB) agencies. Under Binding Operational Directive (BOD) 22-01, federal agencies are mandated to remediate KEV-listed vulnerabilities within the specified timeframe.
Whether the vulnerability has been leveraged specifically in ransomware campaigns remains unknown at this time, though CISA urges all organizations, not just federal entities, to treat this with high urgency given active exploitation in the wild.
Affected Products and Patch Availability
SolarWinds has released a hotfix addressing the vulnerability in Serv-U version 15.5.4 Hotfix 1. Organizations running any prior version of Serv-U are considered vulnerable and should apply the patch immediately.
SolarWinds published the advisory through its Trust Center, and full technical details are available via the NVD entry for CVE-2026-28318.
Apply the SolarWinds Serv-U 15.5.4 Hotfix 1 patch immediately
Restrict Serv-U service exposure by placing it behind a firewall or VPN where feasible
Monitor logs for anomalous POST requests containing Content-Encoding: deflate headers
Disable or decommission Serv-U instances if patching is not immediately possible
Follow BOD 22-01 guidance for cloud-hosted Serv-U deployments
Security teams should consult the official SolarWinds advisory and NIST NVD entry for the latest technical details and patch guidance.
Follow us on Google News, LinkedIn, and X to Get More Instant Updates.
Tags
cyber security
cyber security news
vulnerability
Copy URL
Linkedin
Twitter
ReddIt
Telegram
Guru Baranhttps://cybersecuritynews.com
Gurubaran KS is a cybersecurity analyst, and Journalist with a strong focus on emerging threats and digital defense strategies. He is the Co-Founder and Editor-in-Chief of Cyber Security News, where he leads editorial coverage on global cybersecurity developments.
Trending News
Anthropic’s Claude Oceanus-v1-p Opens to Red Team Testing, but Distribution is Compromised
Let’s Encrypt Unveils Merkle Tree Certificates to Secure the Web Against Quantum Threats
1-Click GitHub Token Vulnerability Lets Attackers Steal Users’ OAuth Tokens
Critical StrongDM Vulnerability Allows Attackers to Steal and Reuse Authentication
New SHub Stealer Variant Malware Targets Chrome, Firefox, Brave, Edge, Opera, and Crypto Wallets
Latest News
Cyber Security News
Critical Hugging Face Transformers Vulnerability Enables Remote Code Execution Attacks
Cyber Security
OWASP CVE Lite CLI – New Tool to Scan for Vulnerabilities in Your Projects
Cyber Security News
Anthropic’s Claude Services Down — claude.ai, Claude Code, and Cowork Affected [Updated]
Cyber Security News
Hackers Publish Malicious Python Package Mimicking Legitimate Parsimonious Parser
Cyber Security News
Hackers are Increasingly Weaponizing Trusted Tools to Deploy Notorious Malware