The Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning regarding a critical vulnerability in SolarWinds Serv-U software, which is being actively exploited by cyber attackers. This vulnerability has been added to CISA’s Known Exploited Vulnerabilities (KEV) catalog.
Details of the Vulnerability
Identified as CVE-2026-28318, this flaw affects the SolarWinds Serv-U file transfer application. It allows attackers without authentication to disrupt the service using specially crafted HTTP requests. The issue is categorized as an Uncontrolled Resource Consumption flaw, in which the application fails to limit the resources it consumes in response to input.
Attackers can exploit this by sending a malicious POST request with a ‘Content-Encoding: deflate’ header. This forces the service to consume excessive resources and crash. Because the flaw can be exploited remotely, it is an appealing vector for attackers.
Urgent Remediation Needed
On June 5, 2026, CISA added this vulnerability to its KEV catalog and mandated that all Federal Civilian Executive Branch (FCEB) agencies fix this vulnerability by June 19, 2026, under Binding Operational Directive (BOD) 22-01. Although no confirmed cases of this flaw being used in ransomware attacks have been reported, CISA strongly advises all organizations to address this issue immediately.
SolarWinds has responded by releasing a patch for the Serv-U version 15.5.4 Hotfix 1. Organizations using earlier versions are urged to update promptly to mitigate potential risks.
Protective Measures and Recommendations
To safeguard against this vulnerability, organizations should implement several protective measures. These include applying the latest SolarWinds patch, restricting the exposure of Serv-U services by using firewalls or VPNs, monitoring network logs for unusual POST requests with ‘Content-Encoding: deflate’ headers, and disabling Serv-U instances if immediate patching is not feasible.
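The log-monitoring measure above can be scripted. The following is an added example, not code from CISA or SolarWinds: it assumes a reverse proxy in front of Serv-U writes JSON access-log lines, and the field names (`ts`, `src`, `method`, `req_headers`) and sample records are constructed for illustration.

```python
import json
from collections import defaultdict

# Constructed sample: JSON access-log lines from a reverse proxy placed in
# front of Serv-U. Field names are assumptions, not a Serv-U log format.
SAMPLE_LOG = """\
{"ts":"2026-06-06T10:00:01Z","src":"203.0.113.7","method":"POST","path":"/","req_headers":{"Content-Encoding":"deflate","Content-Length":"412"}}
{"ts":"2026-06-06T10:00:02Z","src":"203.0.113.7","method":"POST","path":"/","req_headers":{"content-encoding":"gzip, Deflate"}}
{"ts":"2026-06-06T10:00:03Z","src":"198.51.100.20","method":"GET","path":"/","req_headers":{"Accept-Encoding":"gzip, deflate"}}
{"ts":"2026-06-06T10:00:04Z","src":"198.51.100.20","method":"POST","path":"/login","req_headers":{"Content-Type":"application/json"}}
not-json garbage line
{"ts":"2026-06-06T10:00:09Z","src":"192.0.2.44","method":"post","path":"/","req_headers":{"Content-Encoding":"DEFLATE"}}
"""

def has_deflate_body(headers):
    """True if Content-Encoding (not Accept-Encoding) lists deflate."""
    for name, value in headers.items():
        if name.lower() == "content-encoding":
            codings = [c.strip().lower() for c in str(value).split(",")]
            return "deflate" in codings
    return False

def find_suspect_posts(log_text):
    """Return ({source_ip: [timestamps]}, skipped_line_count)."""
    hits = defaultdict(list)
    skipped = 0
    for line in log_text.splitlines():
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            rec = None
        if not isinstance(rec, dict):
            skipped += 1  # keep going; one bad line must not hide later events
            continue
        if str(rec.get("method", "")).upper() != "POST":
            continue
        if has_deflate_body(rec.get("req_headers") or {}):
            hits[rec.get("src", "unknown")].append(rec.get("ts"))
    return dict(hits), skipped

if __name__ == "__main__":
    suspects, skipped = find_suspect_posts(SAMPLE_LOG)
    for src, times in sorted(suspects.items(), key=lambda kv: -len(kv[1])):
        print(f"{src}: {len(times)} POST(s) with Content-Encoding: deflate, first {times[0]}")
    print(f"unparseable lines skipped: {skipped}")
```

The GET request carrying `Accept-Encoding: gzip, deflate` is ordinary client behaviour and is deliberately not flagged; only the request-body encoding header on POSTs is matched.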
Security teams are encouraged to review the official SolarWinds advisory and the National Institute of Standards and Technology (NIST) NVD entry for comprehensive technical details and patch guidance.
It is crucial for organizations to stay vigilant and updated on security advisories to prevent potential breaches.
