VULNERABILITY BRIEF · 🟠 High Vulnerability

Active Exploitation of SolarWinds Serv‑U Uncontrolled Resource Consumption (CVE‑2026‑28318) Threatens Enterprise File Transfer Services

CISA added CVE‑2026‑28318 to its Known Exploited Vulnerabilities catalog after observing active attacks against SolarWinds Serv‑U. The flaw lets unauthenticated actors exhaust server resources, causing denial‑of‑service and opening a supply‑chain foothold for attackers targeting third‑party file‑transfer services.

LiveThreat™ Intelligence · 📅 June 05, 2026 · 📰 cisa.gov

Severity: High
Type: Vulnerability
Confidence: High
Affected: 2 sector(s)
Actions: 5 recommended
Source: cisa.gov


What It Is – SolarWinds Serv‑U (a widely‑deployed FTP/SFTP server) contains an uncontrolled resource‑consumption flaw (CVE‑2026‑28318). When triggered, the vulnerability allows an unauthenticated remote attacker to saturate CPU and memory, leading to denial‑of‑service conditions.

Exploitability – CISA’s KEV catalog confirms the vulnerability is being actively exploited in the wild. Attackers do not need a public PoC: exploitation has already been observed against multiple public‑facing Serv‑U instances. The CVSS v3.1 base score is 7.8 (High).

Affected Products – SolarWinds Serv‑U 10.x and 11.x (all supported editions). The flaw is present in the core file‑transfer service and any custom authentication plug‑ins that invoke the vulnerable code path.

TPRM Impact – Third‑party risk managers must treat any vendor that hosts, integrates, or relies on Serv‑U as a potential supply‑chain weak point. A compromised Serv‑U instance can disrupt critical data flows, expose internal network topology, and serve as a foothold for lateral movement into downstream systems.

Recommended Actions

  • Prioritize patching CVE‑2026‑28318 on all Serv‑U assets within 7 days.
  • If patching cannot be completed immediately, apply the vendor‑provided temporary mitigation (limit concurrent connections, enforce strict rate‑limiting, and disable unused services).
  • Update vulnerability‑management tooling to flag the KEV entry and generate remediation tickets for any identified Serv‑U hosts.
  • Conduct a rapid inventory of all third‑party contracts that include Serv‑U or rely on its file‑transfer capabilities; notify those vendors of the risk and request evidence of remediation.
  • Review network segmentation to ensure Serv‑U servers are isolated from critical internal systems and that outbound traffic is restricted to known management endpoints.
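The third recommended action, flagging the KEV entry in vulnerability‑management tooling and opening remediation tickets for affected Serv‑U hosts, can be scripted against CISA's KEV JSON feed. The following is an added example written for this brief, not code from CISA, SolarWinds or LiveThreat. The feed sample and the asset inventory are constructed inline; the KEV field names (`cveID`, `vendorProject`, `product`, `vulnerabilityName`, `dateAdded`) follow the public feed as the author of this example understands it, which is an assumption. The affected version families (10.x and 11.x) and the 7‑day patch window come from the brief; the host names and version strings are invented.

```python
import json
import re
from datetime import date, timedelta

# Constructed sample shaped like CISA's KEV JSON feed (field names are an
# assumption about the public feed). Only the first entry reflects the brief;
# the second is a placeholder that exists to show a non-matching record.
KEV_FEED_JSON = """
{
  "title": "Constructed KEV sample for illustration",
  "vulnerabilities": [
    {
      "cveID": "CVE-2026-28318",
      "vendorProject": "SolarWinds",
      "product": "Serv-U",
      "vulnerabilityName": "SolarWinds Serv-U Uncontrolled Resource Consumption",
      "dateAdded": "2026-06-05"
    },
    {
      "cveID": "CVE-1900-0001",
      "vendorProject": "PlaceholderVendor",
      "product": "PlaceholderProduct",
      "vulnerabilityName": "Placeholder entry (constructed, not a real CVE)",
      "dateAdded": "2026-06-05"
    }
  ]
}
"""

# Constructed asset inventory as a CMDB export might look: note the inconsistent
# spelling of vendor and product names, which real inventories are full of.
INVENTORY = [
    {"host": "mft-01.example.internal", "vendor": "SolarWinds", "product": "Serv-U", "version": "10.4.2"},
    {"host": "mft-02.example.internal", "vendor": "solarwinds", "product": "SERV U", "version": "11.0.1"},
    {"host": "mft-03.example.internal", "vendor": "SolarWinds", "product": "Serv-U", "version": "12.0.0"},
    {"host": "web-01.example.internal", "vendor": "ExampleVendor", "product": "ExampleApp", "version": "3.1"},
]

# Version families the brief lists as affected. The KEV feed itself carries no
# version ranges, so a CVE absent from this map is matched on vendor/product only
# (conservative: every install gets a ticket until someone confirms otherwise).
AFFECTED_MAJOR_VERSIONS = {"CVE-2026-28318": {"10", "11"}}
PATCH_SLA_DAYS = 7  # the brief's recommended patch window


def normalize(text):
    """Lower-case and strip everything but letters and digits, so that
    'Serv-U', 'SERV U' and 'serv-u' all compare equal."""
    return re.sub(r"[^a-z0-9]", "", text.lower())


def load_kev(feed_json):
    """Parse the feed text and return its list of vulnerability records."""
    return json.loads(feed_json)["vulnerabilities"]


def is_affected(asset, entry):
    """True when the asset's vendor/product match the KEV entry and, where the
    brief gives affected version families, the asset's major version is one."""
    if normalize(asset["vendor"]) != normalize(entry["vendorProject"]):
        return False
    if normalize(asset["product"]) != normalize(entry["product"]):
        return False
    affected_majors = AFFECTED_MAJOR_VERSIONS.get(entry["cveID"])
    if affected_majors is None:
        return True  # no version data: flag conservatively
    return asset["version"].split(".")[0] in affected_majors


def build_tickets(kev_entries, inventory, sla_days=PATCH_SLA_DAYS):
    """Produce one remediation ticket per (affected host, KEV entry), with the
    due date set sla_days after the catalog's dateAdded."""
    tickets = []
    for entry in kev_entries:
        added = date.fromisoformat(entry["dateAdded"])
        due = (added + timedelta(days=sla_days)).isoformat()
        for asset in inventory:
            if is_affected(asset, entry):
                tickets.append({
                    "host": asset["host"],
                    "cve": entry["cveID"],
                    "title": entry["vulnerabilityName"],
                    "version": asset["version"],
                    "due": due,
                    "priority": "P1-KEV",
                })
    return tickets


if __name__ == "__main__":
    for ticket in build_tickets(load_kev(KEV_FEED_JSON), INVENTORY):
        print(f"{ticket['priority']} {ticket['cve']} {ticket['host']} "
              f"(v{ticket['version']}) due {ticket['due']}: {ticket['title']}")
```

The 12.0.0 host in the constructed inventory is deliberately outside the 10.x/11.x families the brief names, so it receives no ticket; in practice any Serv‑U version the brief does not list should be confirmed with the vendor rather than assumed safe, and the conservative default for entries without version data exists for exactly that reason.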

Source: CISA Advisory – CISA Adds One Known Exploited Vulnerability to Catalog (CVE‑2026‑28318)

📰 Original Source
https://www.cisa.gov/news-events/alerts/2026/06/05/cisa-adds-one-known-exploited-vulnerability-catalog

This LiveThreat Intelligence Brief is an independent analysis. Read the original reporting at the link above.
