CISA Flags SolarWinds Serv-U DoS Bug as Actively Exploited

Michael Miller · 2026-06-06

If you're running SolarWinds Serv-U, it's time to pay close attention. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) just added a high-severity vulnerability in this multi-protocol file server software to its Known Exploited Vulnerabilities (KEV) catalog. Why does that matter? Because it means attackers are already using it in the wild. This isn't some theoretical risk. The flaw, tracked as CVE-2026-28318, carries a CVSS score of 7.5 out of 10. That puts it in the high-severity range. And the impact? It's a denial-of-service (DoS) bug that can crash the service entirely. ### What Exactly Is CVE-2026-28318? At its core, this vulnerability lets an attacker send specially crafted requests to the Serv-U server. These requests overwhelm the system, causing it to stop responding or crash altogether. For businesses relying on Serv-U for file transfers, that means downtime, lost productivity, and potential data access issues. Here's what you need to know: - **Vulnerability Type:** Denial-of-Service (DoS) - **CVSS Score:** 7.5 (High) - **Affected Software:** SolarWinds Serv-U multi-protocol file server - **Status:** Actively exploited, per CISA  ### Why CISA's KEV Catalog Matters CISA doesn't add vulnerabilities to its KEV catalog lightly. The agency only includes flaws that are: - Actively exploited by attackers - Backed by credible evidence of real-world attacks - Considered a significant risk to federal agencies and critical infrastructure When you see a CVE in this catalog, treat it as an urgent priority. The clock is ticking. Federal agencies have a binding operational directive to patch within a specific timeframe. For private sector organizations, it's a strong signal to move fast.  ### What Should You Do Right Now? First, check if your SolarWinds Serv-U installation is vulnerable. The affected versions are those prior to the latest security update. SolarWinds has released a patch specifically addressing CVE-2026-28318. Here's your action plan: - **Update immediately.** Apply the latest Serv-U patch from SolarWinds. - **Monitor your logs.** Look for unusual traffic patterns or repeated crash events. - **Review access controls.** Limit who can reach the Serv-U server to reduce exposure. - **Consider additional protections.** Firewall rules or intrusion prevention systems can help mitigate DoS attempts. ### The Bigger Picture This isn't the first time SolarWinds has been in the spotlight. The company's software was at the center of a massive supply chain attack in 2020. While this DoS flaw is less severe than that incident, it still highlights a pattern: enterprise file transfer tools are attractive targets. Attackers know that file servers handle sensitive data. A DoS attack might be a distraction while they attempt other exploits, or it could be a way to disrupt operations for ransom. Either way, you don't want to be caught unprepared. ### Final Thoughts CISA's addition of CVE-2026-28318 to the KEV catalog is a clear warning. This isn't a vulnerability you can afford to ignore. Patch your systems, review your security posture, and stay vigilant. Remember: in cybersecurity, speed matters. The difference between a minor incident and a major breach often comes down to how quickly you act. Don't let this one slip through the cracks.