CyberSecurity News

CISA Warns: SolarWinds Serv-U Vulner Vulnerability Exploited

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical SolarWinds Serv-U vulnerability to its Known Exploited Vulnerabilities (KEV) catalog. This action comes with a...

David kimber
David kimber
June 6, 2026 2 Min Read
2 0

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical SolarWinds Serv-U vulnerability to its Known Exploited Vulnerabilities (KEV) catalog. This action comes with a warning: threat actors are actively exploiting the flaw in the wild.

Tracked as CVE-2026-28318, the vulnerability affects SolarWinds Serv-U file transfer software and enables unauthenticated attackers to crash the service through specially crafted HTTP requests.

CVE-2026-28318 is classified as an Uncontrolled Resource Consumption flaw (CWE-400), a vulnerability class where an application fails to properly limit the resources it allocates in response to incoming input.

In this case, an attacker can send a malicious POST request using the Content-Encoding: deflate HTTP header, forcing the Serv-U service to consume excessive resources and crash without requiring any authentication credentials.

The attack vector is particularly alarming because it requires zero privileges and can be triggered remotely over the network. This makes it an attractive initial-access vector for threat actors targeting organizations that expose Serv-U services to the internet.

CISA added CVE-2026-28318 to the KEV catalog on June 5, 2026, setting a remediation deadline of June 19, 2026 for all Federal Civilian Executive Branch (FCEB) agencies. Under Binding Operational Directive (BOD) 22-01, federal agencies are mandated to remediate KEV-listed vulnerabilities within the specified timeframe.

Whether the vulnerability has been leveraged specifically in ransomware campaigns remains unknown at this time, though CISA urges all organizations, not just federal entities, to treat this with high urgency given active exploitation in the wild.

Affected Products and Patch Availability

SolarWinds has released a hotfix addressing the vulnerability in Serv-U version 15.5.4 Hotfix 1. Organizations running any prior version of Serv-U are considered vulnerable and should apply the patch immediately.

SolarWinds published the advisory through its Trust Center, and full technical details are available via the NVD entry for CVE-2026-28318.

  • Apply the SolarWinds Serv-U 15.5.4 Hotfix 1 patch immediately
  • Restrict Serv-U service exposure by placing it behind a firewall or VPN where feasible
  • Monitor logs for anomalous POST requests containing Content-Encoding: deflate headers
  • Disable or decommission Serv-U instances if patching is not immediately possible
  • Follow BOD 22-01 guidance for cloud-hosted Serv-U deployments

Security teams should consult the official SolarWinds advisory and NIST NVD entry for the latest technical details and patch guidance.

Disclaimer: HackersRadar reports on cybersecurity threats and incidents for informational and awareness purposes only. We do not engage in hacking activities, data exfiltration, or the hosting or distribution of stolen or leaked information. All content is based on publicly available sources.

Tags:

AttackCVECybersecurityExploitPatchransomwareSecurityThreatVulnerability

Share Article

David kimber

David kimber

David is a penetration tester turned security journalist with expertise in mobile security, IoT vulnerabilities, and exploit development. As an OSCP-certified security professional, David brings hands-on technical experience to his reporting on vulnerabilities and security research. His articles often feature detailed technical analysis of exploits and provide actionable defense recommendations. David maintains an active presence in the security research community and has contributed to multiple open-source security tools.

No Comment! Be the first one.

Leave a Reply

Your email address will not be published. Required fields are marked *

Related Posts