In a nutshell: SolarWinds Serv-U is vulnerable to unauthenticated DoS attacks through CVE-2026-28318 (CVSS 7.5); CISA reports active exploitation and sets a deadline of June 19, 2026.
The US agency CISA has added the Denial-of-Service vulnerability CVE-2026-28318 in SolarWinds Serv-U to its catalog of actively exploited vulnerabilities. The flaw allows unauthenticated attackers to crash the file server service.
CISA has added CVE-2026-28318 with a CVSS score of 7.5 to its KEV catalog (Known Exploited Vulnerabilities). The security vulnerability affects SolarWinds Serv-U, a widely used multi-protocol file server software. The flaw results from uncontrolled resource consumption and enables Denial-of-Service conditions.
Attackers can use specially crafted POST requests with the “Content-Encoding: deflate” header field to crash the Serv-U service without prior authentication. This is a critical distinction from many other attack scenarios, as the attacker does not require credentials. To date, neither CISA nor SolarWinds has disclosed details about how many internet-accessible instances have already been compromised or which threat actors are behind the exploitation. However, Serv-U has been repeatedly targeted in the past by malicious groups, including actors with connections to the Cl0p ransomware gang.
SolarWinds has released update Serv-U 15.5.4 HF1, which completely resolves the vulnerability. CISA has instructed US federal agencies to deploy the patch by June 19, 2026. For organizations unable to deploy the update immediately, SolarWinds recommends two protective measures: strictly restrict network access to trusted IP addresses and block all incoming requests with Content-Encoding headers, as this header is not required for normal operation.
Source: www.it-daily.net · Published June 9, 2026
Lumi AI News — AI-assisted curation in accordance with Article 50 EU AI Act. Paraphrase and classification by Lumi News Pipeline v1.6.5.