VYPR
KEV · Published Jun 5, 2026 · 2 sources

CISA Adds SolarWinds Serv-U Vulnerability to KEV Catalog Amid Active Exploitation

CISA has added CVE-2026-28318, a SolarWinds Serv-U vulnerability, to its Known Exploited Vulnerabilities catalog due to active exploitation.

The Cybersecurity and Infrastructure Security Agency (CISA) has announced the addition of CVE-2026-28318 to its catalog of Known Exploited Vulnerabilities (KEV). This designation signifies that the vulnerability, which affects SolarWinds Serv-U software, has been observed under active exploitation in the wild, posing a significant threat.

The vulnerability is classified as an "uncontrolled resource consumption" flaw. The announcement does not provide specific details of the exploitation mechanism, but this class of vulnerability often leads to denial-of-service conditions or can be chained with other exploits to achieve more severe impacts, such as remote code execution or system compromise.

CISA's Binding Operational Directive (BOD) 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate vulnerabilities listed in the KEV catalog by a specified deadline. This directive aims to proactively reduce the attack surface of critical federal networks by ensuring that known exploited weaknesses are addressed promptly.

While BOD 22-01 specifically targets FCEB agencies, CISA strongly encourages all organizations, regardless of sector, to prioritize the patching of CVE-2026-28318. Integrating KEV catalog vulnerabilities into routine vulnerability management practices is crucial for bolstering overall cybersecurity posture and mitigating risks associated with actively exploited threats.

SolarWinds Serv-U is a widely used software solution for file transfer and remote access, making any vulnerability within it a potential target for widespread attacks. The active exploitation of CVE-2026-28318 underscores the urgency for administrators to identify and patch affected installations.

Organizations running SolarWinds Serv-U should consult the vendor's security advisories for the latest information on affected versions and available patches. Prompt application of these updates is the most effective defense against exploitation of this newly cataloged vulnerability.

CISA has committed to continuously updating the KEV catalog as new vulnerabilities are identified and evidence of active exploitation emerges. This ongoing effort aims to provide a clear, actionable list of high-priority vulnerabilities for organizations to address, thereby enhancing national cybersecurity resilience.

CISA has issued a new alert specifying that threat actors are actively exploiting CVE-2024-28933, a critical vulnerability in SolarWinds Serv-U software. This flaw allows attackers to remotely crash servers by sending specially crafted requests. While SolarWinds patched this vulnerability in April 2024, the agency urges immediate application of security updates to prevent further exploitation.

Synthesized by Vypr AI