Hackers actively exploit SolarWinds Serv-U flaw to crash servers, CISA warns

Hackers are actively exploiting a recently patched high-severity SolarWinds Serv-U flaw, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned today. The vulnerability allows attackers to crash servers through specially crafted requests, with further coverage provided by Bleeping Computer.

The vulnerability, tracked as CVE-2026-28318, is a denial-of-service flaw in SolarWinds Serv-U file transfer software. Attackers can exploit it with low-complexity, unauthenticated POST requests that cause the Serv-U service to crash. CISA has added this vulnerability to its Known Exploited Vulnerabilities Catalog and mandated federal agencies to patch by June 19. While the mandate applies to U.S. government agencies, CISA urges all organizations, including the private sector, to apply mitigations or discontinue use if unavailable.

This Serv-U flaw follows a history of vulnerabilities in SolarWinds products being exploited by various threat actors, including ransomware gangs and state-sponsored groups, highlighting the ongoing risks associated with unpatched software in critical infrastructure.

Source: Bleeping Computer