Active Exploitation of SolarWinds Serv-U Flaw CVE-2026-28318

5 Jun 2026 | Sources: Bleepingcomputer, documentation.solarwinds.com, Scworld, Cybersecuritynews, Gbhackers, and 8 more

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning regarding the active exploitation of a high-severity vulnerability in SolarWinds Serv-U, tracked as CVE-2026-28318. This flaw allows remote attackers to crash the Serv-U service using specially crafted POST requests without requiring authentication. The vulnerability stems from uncontrolled resource consumption and affects both Windows and Linux versions of Serv-U. SolarWinds released a hotfix (15.5.4 Hotfix 1) on June 4, 2026, to address this issue. CISA has added this CVE to its Known Exploited Vulnerabilities Catalog and mandated that all Federal Civilian Executive Branch agencies patch their servers by June 19, 2026. There are over 12,000 Serv-U servers exposed online, increasing the risk of exploitation. Administrators are advised to limit access to known addresses and block specific POST requests until the patch can be applied.

Key Points:
• CISA warns of active exploitation of CVE-2026-28318 in SolarWinds Serv-U software.
• The vulnerability allows attackers to crash the service without authentication.
• Over 12,000 Serv-U servers are currently exposed online, heightening the risk.

Timeline

• 2021-07-14: CVE-2021-35211 published. Vulnerability assigned a CVE identifier and published in the National Vulnerability Database. (Source: MITRE)
• 2024-06-06: CVE-2024-28995 published. Vulnerability assigned a CVE identifier and published in the National Vulnerability Database. (Source: MITRE)
• 2026-06-04: CVE-2026-28318 published. SolarWinds released a hotfix for a denial-of-service vulnerability in Serv-U, tracked as CVE-2026-28318. (Source: documentation.solarwinds.com)
• 2026-06-05: CISA flags CVE-2026-28318 as exploited. CISA added CVE-2026-28318 to its Known Exploited Vulnerabilities Catalog, urging immediate patching. (Source: Bleepingcomputer)
• 2026-06-05: CISA mandates patching deadline. CISA ordered all Federal Civilian Executive Branch agencies to patch against CVE-2026-28318 by June 19, 2026. (Source: Bleepingcomputer)
