HomeIntelligenceBrief
VULNERABILITY BRIEF🟠 High Vulnerability

Active Exploitation of SolarWinds Serv‑U DoS Flaw (CVE‑2026‑28318) Threatens Servers Across Federal and Private Sectors

CISA has warned that attackers are exploiting a newly patched denial‑of‑service vulnerability in SolarWinds Serv‑U (CVE‑2026‑28318). The flaw can crash FTP/FTPS/SFTP services without authentication, affecting thousands of exposed servers in both government and commercial environments. Immediate remediation is required to avoid service disruption and potential downstream supply‑chain impact.

LiveThreat™ Intelligence · 📅 June 06, 2026· 📰 bleepingcomputer.com
🟠
Severity
High
VU
Type
Vulnerability
🎯
Confidence
High
🏢
Affected
3 sector(s)
Actions
3 recommended
📰
Source
bleepingcomputer.com

Active Exploitation of SolarWinds Serv‑U DoS Flaw (CVE‑2026‑28318) Crashes Servers Across Federal and Private Sectors

What Happened — CISA confirmed that threat actors are actively exploiting a high‑severity denial‑of‑service vulnerability (CVE‑2026‑28318) in SolarWinds Serv‑U file‑transfer software. The flaw allows unauthenticated attackers to send specially‑crafted POST requests that crash the service. Over 12 000 Internet‑exposed Serv‑U instances have been identified, and exploitation is already observed in the wild.

Why It Matters for TPRM

  • Unpatched Serv‑U servers can experience abrupt service outages, disrupting critical business processes.
  • The vulnerability is being weaponised by both criminal and state‑aligned groups, raising the risk of broader supply‑chain impact.
  • Federal directives now mandate patching by June 19 2026, but many private‑sector vendors remain exposed.

Who Is Affected — Organizations that deploy SolarWinds Serv‑U for Managed File Transfer, including federal agencies, MSPs, SaaS providers, and enterprises across finance, healthcare, and manufacturing.

Recommended Actions

  • Verify that all Serv‑U instances are upgraded to version 15.5.4 Hotfix 1 or later.
  • If immediate patching is not possible, restrict inbound traffic to known IP ranges and block POST requests containing the “Content‑Encoding” header.
  • Conduct a rapid inventory of all exposed Serv‑U servers and assess their exposure to the CVE.

Technical Notes — The flaw stems from uncontrolled resource consumption triggered by a crafted Content‑Encoding: deflate POST request. No authentication is required, and the attack can be launched remotely with low complexity. CVE‑2026‑28318 is catalogued in CISA’s Known Exploited Vulnerabilities list. Source: BleepingComputer

📰 Original Source
https://www.bleepingcomputer.com/news/security/cisa-hackers-now-exploit-solarwinds-serv-u-flaw-to-crash-servers/

This LiveThreat Intelligence Brief is an independent analysis. Read the original reporting at the link above.

From the Verisq platform · Trust Operations

Every gap like this maps to a control you can evidence.

The Verisq AI Trust Operations platform maps incidents to your control framework and collects the evidence continuously — so your Trust Center shows proof, not promises, when a buyer or auditor asks.

Explore the Verisq AI Trust Operations platform →