
Actively Exploited DoS Vulnerability (CVE-2026-28318) in SolarWinds Serv‑U Added to CISA KEV Catalog

CISA has listed CVE‑2026‑28318, a DoS bug in SolarWinds Serv‑U, in its KEV catalog after detecting active exploitation. The flaw can crash file‑transfer services, posing immediate disruption risk to organizations and their supply‑chain partners.

LiveThreat™ Intelligence · June 06, 2026 · thehackernews.com

Severity: High
Type: Vulnerability
Confidence: High
Affected: 2 sector(s)
Actions: 5 recommended
Source: thehackernews.com

Actively Exploited DoS Vulnerability (CVE-2026-28318) in SolarWinds Serv‑U Threatens File Transfer Services

What It Is – A high‑severity denial‑of‑service flaw (CVE‑2026‑28318) in SolarWinds Serv‑U multi‑protocol file server can cause the service to crash, leading to loss of file‑transfer capability. CISA has placed the vulnerability in its Known Exploited Vulnerabilities (KEV) catalog after observing active exploitation in the wild.

Exploitability – The vulnerability is actively exploited; proof‑of‑concept exploits have been observed in the wild. The CVSS v3.1 base score is 7.5 (High). No public ransomware or data‑exfiltration payloads are linked to it, but service disruption is confirmed.

Affected Products – SolarWinds Serv‑U (all supported versions prior to the vendor’s March 2026 patch).

TPRM Impact – Organizations that rely on Serv‑U for internal or partner file transfers face immediate service interruption, which can cascade to downstream vendors, delay business processes, and erode trust in the supply chain.

Recommended Actions

  • Deploy SolarWinds’ security patch for CVE‑2026‑28318 immediately.
  • If patching cannot be done within 48 hours, implement network‑level throttling or firewall rules to block malformed requests that trigger the crash.
  • Conduct a rapid inventory of all third‑party services that consume Serv‑U endpoints and verify their mitigation status.
  • Monitor Serv‑U logs for abnormal connection patterns and set up alerts for service restarts.
  • Communicate the risk and remediation timeline to affected business units and external partners.
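
The log-monitoring action above, as an added example that is not part of the original brief or any SolarWinds tooling: it alerts on a burst of service crashes and ranks the sources that connected shortly before each one. The `timestamp EVENT detail` log format, the `CONNECT`/`CRASH` event names, the thresholds and the sample addresses are constructed assumptions; map real Serv‑U and service-manager records onto them.

```python
from collections import Counter
from datetime import datetime, timedelta

# Constructed sample in a hypothetical "timestamp EVENT detail" format.
# CRASH stands for any "service terminated unexpectedly" record.
SAMPLE_LOG = """\
2026-06-06T10:00:00 CONNECT 192.0.2.10
2026-06-06T10:00:20 CONNECT 198.51.100.7
2026-06-06T10:00:25 CRASH -
2026-06-06T10:01:00 CONNECT 192.0.2.10
2026-06-06T10:03:10 CONNECT 198.51.100.7
2026-06-06T10:03:12 CONNECT 203.0.113.5
2026-06-06T10:03:15 CRASH -
2026-06-06T10:06:40 CONNECT 198.51.100.7
2026-06-06T10:06:42 CRASH -
2026-06-06T10:30:00 CONNECT 192.0.2.10
"""

def parse(text):
    """Yield (timestamp, kind, detail) tuples, skipping malformed lines."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue
        try:
            yield datetime.fromisoformat(parts[0]), parts[1], parts[2]
        except ValueError:
            continue

def analyze(text, lookback=timedelta(seconds=30), burst=3,
            window=timedelta(minutes=10)):
    """Return crash count, burst alert flag and ranked pre-crash sources."""
    events = sorted(parse(text))
    crashes = [t for t, kind, _ in events if kind == "CRASH"]
    # Alert when `burst` crashes fall inside one sliding `window`.
    alert = any(crashes[i + burst - 1] - crashes[i] <= window
                for i in range(len(crashes) - burst + 1))
    # Count, per source, how many crashes it connected shortly before.
    suspects = Counter()
    for crash in crashes:
        seen = {ip for t, kind, ip in events
                if kind == "CONNECT" and crash - lookback <= t <= crash}
        suspects.update(seen)
    return {"crashes": len(crashes), "alert": alert,
            "suspects": suspects.most_common()}

if __name__ == "__main__":
    print(analyze(SAMPLE_LOG))
```

A source that appears before every crash is a candidate for the temporary firewall or throttling rule; a source seen before only one crash is more likely ordinary traffic.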

Source: The Hacker News – CISA Adds Actively Exploited SolarWinds Serv‑U DoS Flaw to KEV Catalog

Original Source
https://thehackernews.com/2026/06/cisa-adds-actively-exploited-solarwinds.html

This LiveThreat Intelligence Brief is an independent analysis. Read the original reporting at the link above.
