CISA Includes Actively Exploited SolarWinds Serv-U DoS Vulnerability in KEV Catalog

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) Discovers Critical Vulnerability in SolarWinds Serv-U Software

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has identified a significant security flaw affecting SolarWinds Serv-U, a multi-protocol file server. CISA has added the vulnerability to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation.

The vulnerability, tracked as CVE-2026-28318 with a CVSS score of 7.5, is a high-severity denial-of-service (DoS) bug that can crash the Serv-U service under specific conditions. CISA describes it as an uncontrolled resource consumption vulnerability that results in a DoS condition.

SolarWinds, in an advisory released recently, stated that “SolarWinds Serv-U is susceptible to specially crafted POST requests that crash the Serv-U service without authentication using Content-Encoding: deflate.”

The security issue has been resolved in SolarWinds Serv-U version 15.5.4 HF1. To mitigate the risk, it is recommended to restrict access to known addresses and block any request containing “content-encoding” since the vulnerable service does not require this functionality.
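The two mitigations above, written as a filter decision that a proxy rule or log review in front of Serv-U could apply. This is an added example, not SolarWinds or CISA code; the allowlist ranges, host name, function names and sample requests are constructed assumptions, and "content-encoding" is treated as the HTTP header field named in the advisory quote.

```python
import ipaddress

# Constructed allowlist (documentation ranges), standing in for "known addresses".
ALLOWED_NETS = [ipaddress.ip_network(n) for n in ("192.0.2.0/24", "2001:db8::/32")]

def header_names(raw_head: bytes) -> set:
    """Return lower-cased header field names from a raw HTTP/1.x request head."""
    names = set()
    # Accept bare-LF line endings too, since lenient servers do.
    lines = raw_head.replace(b"\r\n", b"\n").split(b"\n")
    for line in lines[1:]:                      # skip the request line
        if not line:                            # blank line ends the head
            break
        if line[:1] in (b" ", b"\t"):           # folded continuation, not a new field
            continue
        name, sep, _ = line.partition(b":")
        if sep:
            # Strip stray whitespace so "Content-Encoding :" is still caught.
            names.add(name.strip().decode("latin-1").lower())
    return names

def verdict(src_ip: str, raw_head: bytes) -> str:
    """Return 'deny-source', 'deny-content-encoding' or 'allow'."""
    addr = ipaddress.ip_address(src_ip)
    if not any(addr in net for net in ALLOWED_NETS):
        return "deny-source"
    # Block on the header's presence, whatever its value: the advisory's
    # mitigation says the service does not need this functionality.
    if "content-encoding" in header_names(raw_head):
        return "deny-content-encoding"
    return "allow"

# Constructed sample requests (empty bodies), not captured traffic.
SAMPLES = [
    ("192.0.2.10", b"POST /upload HTTP/1.1\r\nHost: files.example\r\n"
                   b"Content-Length: 0\r\n\r\n"),
    ("192.0.2.10", b"POST /upload HTTP/1.1\r\nHost: files.example\r\n"
                   b"content-ENCODING: deflate\r\nContent-Length: 0\r\n\r\n"),
    ("192.0.2.10", b"POST /upload HTTP/1.1\nHost: files.example\n"
                   b"Content-Encoding : gzip\n\n"),
    ("198.51.100.7", b"GET / HTTP/1.1\r\nHost: files.example\r\n\r\n"),
]

if __name__ == "__main__":
    for ip, head in SAMPLES:
        print(ip, verdict(ip, head))
```

The header-name match is case-insensitive and tolerant of bare-LF line endings, so a rule modelled on it does not miss variants that a lenient server would still parse.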

Currently, there is limited information on how the vulnerability is being exploited in real-world attacks or the perpetrators behind them. It is also unclear how many internet-exposed Serv-U instances may have been compromised.

CISA has instructed Federal Civilian Executive Branch (FCEB) agencies to address this flaw by June 19, 2026. Previous vulnerabilities in Serv-U have been exploited by malicious actors, including those linked to the Cl0p ransomware gang.
