The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning about a significant security vulnerability affecting SolarWinds’ Serv-U file server software. This flaw has now been included in CISA’s Known Exploited Vulnerabilities (KEV) catalog due to confirmed instances of active exploitation.
Details of the Vulnerability
Identified as CVE-2026-28318, this high-severity weakness carries a CVSS score of 7.5. It is a denial-of-service (DoS) issue: under specific conditions, the server suffers service disruption. The underlying flaw is uncontrolled resource consumption, which can be deliberately triggered to crash the service.
According to SolarWinds’ advisory, the vulnerability is triggered by specially crafted POST requests that carry a Content-Encoding: deflate header, and it can crash the Serv-U service without authentication. The issue has been resolved in the latest update, SolarWinds Serv-U version 15.5.4 HF1. As preventive measures, it is recommended to restrict access to trusted sources and to block any requests containing the ‘content-encoding’ header.
Security Implications and Response
There is currently no public information on how the flaw is being exploited or on the identities of the attackers leveraging it. It also remains uncertain how many internet-exposed Serv-U instances have been compromised. Despite the lack of attack details, the vulnerability’s potential impact underscores the importance of immediate action.
CISA has mandated that Federal Civilian Executive Branch (FCEB) agencies remediate this security issue by June 19, 2026. Historically, similar vulnerabilities in Serv-U have been targeted by cybercriminal groups, including those linked to the notorious Cl0p ransomware.
Future Outlook and Recommendations
The inclusion of this vulnerability in CISA’s catalog highlights the critical nature of maintaining robust cybersecurity defenses. Organizations using SolarWinds Serv-U should prioritize patching and implementing recommended security controls to mitigate risks.
This incident serves as a reminder of the evolving threat landscape and the necessity for proactive vulnerability management strategies. Staying informed and responsive to such advisories is crucial for safeguarding against potential cyber threats.
