CISA warned that attackers are targeting a recently patched SolarWinds Serv-U flaw tracked as CVE-2026-28318, which can crash the service through specially crafted POST requests without authentication. SolarWinds fixed the issue in Serv-U 15.5.4 Hotfix 1 and urged customers, including those on end-of-life versions, to upgrade immediately as CISA added the vulnerability to its KEV catalog.
Key points
- CISA warned of active attacks targeting SolarWinds Serv-U.
- The issue is tracked as CVE-2026-28318 with a CVSS score of 7.5.
- Exploitation can crash the Serv-U service using specially crafted POST requests.
- The flaw does not require authentication and was fixed in Serv-U 15.5.4 Hotfix 1.
- CISA added the vulnerability to its Known Exploited Vulnerabilities catalog and urged immediate patching.
Read More: https://www.securityweek.com/solarwinds-patches-exploited-serv-u-vulnerability/