CISA Warns of Exploited SolarWinds Serv-U Vulnerability Affecting U.S. Networks
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning regarding a vulnerability in SolarWinds' Serv-U software that is being actively exploited. The vulnerability, identified as CVE-2026-28318, is a denial-of-service (DoS) issue that can be triggered by specially crafted POST requests, leading to the crash of the Serv-U service. This flaw, which does not require authentication to exploit, was patched by SolarWinds in a recent hotfix. Despite the patch, CISA has added the vulnerability to its Known Exploited Vulnerabilities catalog, indicating that it is being used in attacks. The agency has urged federal agencies to apply the patch by June 19, 2026, to protect their networks from potential threats. SolarWinds has advised all users, including those with older versions of the software, to upgrade to the latest supported release to mitigate the risk. 
