The U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued a warning on Friday regarding ongoing attacks exploiting a vulnerability in the SolarWinds Serv-U software. This vulnerability, identified as CVE-2026-28318 with a CVSS score of 7.5, had been patched earlier in the week.
Details of the Vulnerability
The vulnerability is a denial-of-service (DoS) issue that can be exploited through specially crafted POST requests. According to SolarWinds, such requests can crash the Serv-U service. Exploitation does not require authentication, which makes the flaw a significant threat.
SolarWinds addressed this security defect in Serv-U version 15.5.4 Hotfix 1, urging all users to download and install the update. This includes those who have recently upgraded to version 15.5.4. The hotfix is designed to prevent attackers from utilizing requests with the ‘Content-Encoding: deflate’ header to bring down the service.
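For hosts that cannot be patched immediately, the following added example (not code from SolarWinds or CISA) summarizes, per source address, the POST requests carrying a 'Content-Encoding: deflate' header in a reverse-proxy log and how many of them coincided with a 5xx response. The JSON-lines log format and its field names are assumptions made for this example, and legitimate clients can also send deflate-encoded bodies, so hits are leads for review rather than confirmed exploitation.

```python
import json
from collections import defaultdict

# Constructed sample: JSON-lines access log from a reverse proxy in front of
# Serv-U. The field names (ts, src, method, path, req_headers, status) are
# assumptions for this example, not a Serv-U or SolarWinds log format.
SAMPLE_LOG = """\
{"ts": 100, "src": "198.51.100.7", "method": "POST", "path": "/", "req_headers": {"Content-Encoding": "deflate"}, "status": 502}
{"ts": 101, "src": "198.51.100.7", "method": "POST", "path": "/", "req_headers": {"content-encoding": " Deflate "}, "status": 502}
{"ts": 102, "src": "203.0.113.9", "method": "POST", "path": "/upload", "req_headers": {"Content-Encoding": "gzip"}, "status": 200}
{"ts": 103, "src": "203.0.113.9", "method": "GET", "path": "/", "req_headers": {"Content-Encoding": "deflate"}, "status": 200}
{"ts": 104, "src": "192.0.2.44", "method": "post", "path": "/", "req_headers": {"Content-Encoding": "gzip, deflate"}, "status": 200}
not-json garbage line
"""

def has_deflate(headers):
    """True if a Content-Encoding header lists the deflate coding."""
    for name, value in headers.items():
        if name.lower() == "content-encoding":
            # Header names are case-insensitive; the value is a comma list.
            codings = [c.strip().lower() for c in str(value).split(",")]
            if "deflate" in codings:
                return True
    return False

def triage(log_text):
    """Return {src: {"hits": n, "errors": n}} for POSTs with deflate bodies."""
    summary = defaultdict(lambda: {"hits": 0, "errors": 0})
    for line in log_text.splitlines():
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip malformed lines instead of aborting the scan
        if not isinstance(rec, dict):
            continue
        if str(rec.get("method", "")).upper() != "POST":
            continue
        if not has_deflate(rec.get("req_headers") or {}):
            continue
        entry = summary[rec.get("src", "unknown")]
        entry["hits"] += 1
        # A 5xx from the proxy suggests the backend did not answer.
        if int(rec.get("status", 0)) >= 500:
            entry["errors"] += 1
    return dict(summary)

if __name__ == "__main__":
    for src, counts in sorted(triage(SAMPLE_LOG).items()):
        print(src, counts)
```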
User Advisory and Agency Recommendations
Users operating on older versions such as 15.4.2, 15.5, and 15.5.1, which are no longer supported, are strongly advised to upgrade to the latest release immediately. While SolarWinds did not confirm active exploitation of CVE-2026-28318, CISA added it to its Known Exploited Vulnerabilities (KEV) catalog on Friday.
The origin of the attacks remains unclear, as does whether the vulnerability was exploited as a zero-day. Nevertheless, under Binding Operational Directive (BOD) 22-01, CISA has directed federal agencies to apply the patch by June 19 to safeguard their networks.
Implications for Organizations
Though BOD 22-01 is specific to federal agencies, all organizations using Serv-U are encouraged to implement the SolarWinds hotfix without delay. The company’s advisory offers comprehensive guidance on both installing and, if necessary, removing the hotfix.
In light of these developments, organizations are urged to remain vigilant and ensure that all systems are updated to mitigate the risk of active threats. The swift application of these security measures is crucial for maintaining robust cybersecurity defenses.
