
CISA has added a high-severity vulnerability in SolarWinds Serv-U to its Known Exploited Vulnerabilities (KEV) catalog after finding evidence that it has been actively exploited in attacks. The vulnerability, tracked as CVE-2026-28318, has a CVSS score of 7.5 and is a Denial-of-Service (DoS) flaw that could cause service disruption under certain conditions.
The vulnerability stems from uncontrolled resource consumption. According to SolarWinds, an unauthenticated attacker can crash the Serv-U service with specially crafted POST requests that use Content-Encoding: deflate, so the flaw is reachable before any login. SolarWinds has fixed it in Serv-U version 15.5.4 HF1.
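The advisory text only says that a deflate-encoded POST body triggers uncontrolled resource consumption; it does not describe Serv-U's internals. The following is an added illustration of that vulnerability class, not code from SolarWinds or from the article: it assumes the resource exhaustion comes from inflating a request body without a size bound, shows how small a compressed request can be relative to what it expands to, and contrasts an unbounded `zlib.decompress` with a bounded inflate that rejects oversized bodies before they are materialised. The host name, URL path, size limit and function names are hypothetical, and the HTTP requests are constructed in the block.

```python
"""Unbounded vs bounded inflate of a deflate-encoded HTTP POST body (added example)."""
import zlib

# Hypothetical policy: refuse any decompressed body larger than 1 MiB.
MAX_BODY = 1 << 20


def build_request(body: bytes) -> bytes:
    """Construct a sample POST with a deflate-encoded body (synthetic, not real Serv-U traffic)."""
    enc = zlib.compress(body, 9)  # HTTP "deflate" is zlib-wrapped (RFC 1950); zlib.compress emits that
    head = (
        b"POST /upload HTTP/1.1\r\n"
        b"Host: serv-u.example.internal\r\n"   # hypothetical host
        b"Content-Encoding: deflate\r\n"
        b"Content-Length: %d\r\n\r\n" % len(enc)
    )
    return head + enc


def split_request(raw: bytes):
    """Minimal HTTP/1.1 request parser: returns (method, lower-cased header dict, body)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.split(b"\r\n")
    method = lines[0].split(b" ")[0].decode()
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(b":")
        headers[name.strip().lower().decode()] = value.strip().decode()
    return method, headers, body


def unbounded_size(raw: bytes) -> int:
    """The vulnerable pattern: inflate the whole body, however large it turns out to be."""
    _, _, body = split_request(raw)
    return len(zlib.decompress(body))


def inflate_bounded(data: bytes, limit: int) -> bytes:
    """Inflate at most `limit` bytes; raise before allocating anything beyond that.

    Asking for limit + 1 output bytes lets a body of exactly `limit` bytes
    finish normally while anything larger is caught the moment it overflows.
    """
    d = zlib.decompressobj()
    out = d.decompress(data, limit + 1)
    if len(out) > limit:
        raise ValueError("decompressed body exceeds %d bytes" % limit)
    if not d.eof:
        raise ValueError("truncated deflate stream")
    return out


def screen_request(raw: bytes, limit: int = MAX_BODY):
    """Return ('accept', body_length) or ('reject', reason) for one raw HTTP request."""
    method, headers, body = split_request(raw)
    if method != "POST" or headers.get("content-encoding", "").lower() != "deflate":
        return ("accept", len(body))
    try:
        inflated = inflate_bounded(body, limit)
    except (zlib.error, ValueError) as exc:  # zlib.error covers malformed input
        return ("reject", str(exc))
    return ("accept", len(inflated))


if __name__ == "__main__":
    benign = build_request(b"hello " * 200)
    bomb = build_request(b"\x00" * (16 << 20))  # 16 MiB of zeros compresses to a few KiB
    print("bomb request on the wire:", len(bomb), "bytes")
    print("unbounded inflate produces:", unbounded_size(bomb), "bytes")
    print("benign:", screen_request(benign))
    print("bomb:  ", screen_request(bomb))
```

The point of the bounded path is that the cap is enforced by the decompressor's output budget, not by trusting Content-Length, which only describes the compressed size and says nothing about how large the inflated body will be.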
At this time, no details have been disclosed about the attack method or the threat actors behind the exploitation, and the number of internet-exposed Serv-U systems that may be affected is also unknown. CISA has required Federal Civilian Executive Branch (FCEB) agencies to remediate the vulnerability by June 19, 2026. Administrators running SolarWinds Serv-U should update to 15.5.4 HF1 and, until they can, apply the mitigations SolarWinds recommends.
Source: https://thehackernews.com/2026/06/cisa-adds-actively-exploited-solarwinds.html
