CISA says attackers are actively exploiting CVE-2026-28318, a newly patched flaw in SolarWinds Serv-U, to crash exposed servers. The issue affects the company's Managed File Transfer and FTP software. SolarWinds has released a hotfix and urged admins to restrict access or block certain POST requests, while CISA pushed federal agencies to patch by June 19.
Key points
- CISA confirmed active exploitation of CVE-2026-28318 in SolarWinds Serv-U.
- The flaw lets unauthenticated attackers crash the Serv-U service with crafted POST requests.
- SolarWinds released Serv-U 15.5.4 Hotfix 1 to fix the denial-of-service issue.
- Admins are advised to limit access and block POST requests containing “content-encoding” if they cannot patch immediately.
- CISA added the flaw to its Known Exploited Vulnerabilities Catalog and ordered federal agencies to patch by June 19.
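
The interim mitigation in the key points, written out as filter logic that could sit in a proxy hook or be used to triage captured requests. This is an added example, not SolarWinds or CISA code. It assumes that "containing content-encoding" refers to the HTTP `Content-Encoding` request header; the function names and sample requests are constructed for illustration.

```python
"""Added example: flag POST requests that carry a Content-Encoding header."""

BLOCKED_HEADER = b"content-encoding"  # header named in the mitigation advice


def parse_head(raw: bytes):
    """Split a raw HTTP/1.x request into (method, set of lowercase header names)."""
    head = raw.split(b"\r\n\r\n", 1)[0].split(b"\n\n", 1)[0]
    lines = [ln.rstrip(b"\r") for ln in head.split(b"\n")]
    parts = lines[0].split()
    if len(parts) != 3:
        raise ValueError("malformed request line")
    names = set()
    for ln in lines[1:]:
        if not ln or ln[:1] in b" \t":  # skip blanks and folded continuations
            continue
        name, sep, _ = ln.partition(b":")
        if not sep:
            raise ValueError("malformed header line")
        # Header names are case-insensitive; tolerate stray whitespace too.
        names.add(name.strip().lower())
    return parts[0], names


def should_block(raw: bytes) -> bool:
    """True when the request should be dropped before it reaches Serv-U."""
    try:
        method, names = parse_head(raw)
    except ValueError:
        return True  # fail closed on anything the filter cannot parse
    return method.upper() == b"POST" and BLOCKED_HEADER in names


# Constructed sample requests (not captured traffic); the host is a placeholder.
SAMPLES = {
    "plain_post": b"POST / HTTP/1.1\r\nHost: files.example\r\nContent-Length: 3\r\n\r\na=b",
    "encoded_post": b"POST / HTTP/1.1\r\nHost: files.example\r\ncOnTent-Encoding: gzip\r\n\r\n",
    "encoded_get": b"GET / HTTP/1.1\r\nHost: files.example\r\nContent-Encoding: gzip\r\n\r\n",
    "body_mention": b"POST / HTTP/1.1\r\nHost: files.example\r\n\r\ncontent-encoding: gzip",
}


def triage(samples=SAMPLES):
    """Return {sample name: block verdict}; body text is ignored (assumption)."""
    return {name: should_block(raw) for name, raw in samples.items()}


if __name__ == "__main__":
    for name, verdict in triage().items():
        print(f"{name:13} {'BLOCK' if verdict else 'allow'}")
```

Matching on the header name alone, regardless of case or value, keeps the rule from being sidestepped by capitalization, and unparseable requests are dropped rather than forwarded.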