Hackers Exploit SolarWinds Serv-U Flaw to Crash Servers
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has warned that a recently patched high-severity flaw in SolarWinds Serv-U is being actively exploited to crash servers.
Serv-U is SolarWinds' file transfer software; it provides Managed File Transfer (MFT) and FTP server capabilities for secure file exchange over protocols such as HTTP/HTTPS, FTP, FTPS, and SFTP.
SolarWinds released Serv-U 15.5.4 Hotfix 1 to address a denial-of-service vulnerability (CVE-2026-28318) caused by uncontrolled resource consumption.
SolarWinds stated, “SolarWinds Serv-U is susceptible to specially crafted POST requests that crash the Serv-U service without authentication using Content-Encoding: deflate.”
Attackers can exploit this security flaw with low-complexity attacks that do not require user interaction or privileges.
Administrators who cannot immediately apply the patch are advised to restrict access to known addresses and block any POST requests containing “content-encoding” to mitigate the risk.
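The interim mitigation above, written as a request-filter decision, is shown here as an added example; it is not SolarWinds' or CISA's code. The allowlist ranges, function names, and sample request heads are constructed assumptions, and the check is meant to run in a proxy or WAF hook placed in front of Serv-U.

```python
import ipaddress

# Constructed allowlist (documentation ranges); replace with your known client networks.
ALLOWED_NETS = [ipaddress.ip_network(n) for n in ("192.0.2.0/24", "2001:db8::/32")]

# Constructed sample request heads (no bodies); the host name is a placeholder.
POST_ENCODED = (b"POST /upload HTTP/1.1\r\nHost: files.example.test\r\n"
                b"content-ENCODING : deflate\r\nContent-Length: 0\r\n\r\n")
POST_PLAIN = b"POST /upload HTTP/1.1\r\nHost: files.example.test\r\nContent-Length: 0\r\n\r\n"
GET_PLAIN = b"GET / HTTP/1.1\r\nHost: files.example.test\r\n\r\n"


def parse_head(raw: bytes):
    """Return (method, headers) from a raw HTTP/1.x request head.

    Header names are lower-cased and stripped so odd casing or spacing
    cannot slip past the filter; repeated headers are joined with ','.
    """
    # Accept bare-LF line endings as well as CRLF before splitting off the body.
    head = raw.replace(b"\r\n", b"\n").split(b"\n\n", 1)[0].decode("latin-1")
    lines = head.split("\n")
    # Upper-case the method so a lenient backend that accepts "post" is still covered.
    method = lines[0].split(" ", 1)[0].upper()
    headers = {}
    for line in lines[1:]:
        if ":" not in line:
            continue  # malformed line; a strict proxy would reject the request
        name, value = line.split(":", 1)
        name = name.strip().lower()
        headers[name] = ",".join(filter(None, [headers.get(name), value.strip()]))
    return method, headers


def decide(src_ip: str, raw: bytes) -> str:
    """Apply both mitigation steps: source allowlist, then the POST header check."""
    addr = ipaddress.ip_address(src_ip)
    if not any(addr in net for net in ALLOWED_NETS):
        return "deny:source"
    method, headers = parse_head(raw)
    # Block on the header's presence regardless of its value, as the advisory words it.
    if method == "POST" and "content-encoding" in headers:
        return "deny:content-encoding"
    return "allow"
```

Logging each `deny:content-encoding` decision with its source address also gives responders a record of requests that matched the advisory's pattern.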
Shodan and Shadowserver have identified thousands of exposed Serv-U servers online, highlighting the urgency of patching vulnerable systems.
[Image: Serv-U servers exposed online (Shodan)]
CISA has added the exploited vulnerability to its Known Exploited Vulnerabilities Catalog, requiring Federal Civilian Executive Branch agencies to secure their servers by June 19 under Binding Operational Directive (BOD) 22-01.
While the directive applies to U.S. government entities, CISA urges all network defenders, including the private sector, to protect against ongoing attacks related to CVE-2026-28318.
Cybercrime groups and state-backed hackers have previously targeted Serv-U vulnerabilities to compromise networks and steal sensitive data, emphasizing the importance of timely mitigation.
In a recent campaign, the Clop ransomware gang and DEV-0322 Chinese hackers exploited Serv-U vulnerabilities to infiltrate corporate networks and launch zero-day attacks.
Furthermore, cybersecurity firms GreyNoise and Rapid7 identified a Serv-U path-traversal vulnerability (CVE-2024-28995) as actively exploited in June 2024.
CISA has flagged 11 vulnerabilities in various SolarWinds products as actively exploited in attacks, underscoring the persistent threat landscape.