{"id":1200,"date":"2026-06-06T10:45:26","date_gmt":"2026-06-06T10:45:26","guid":{"rendered":"https:\/\/thedigitalfortress.us\/?p=1200"},"modified":"2026-06-06T10:45:26","modified_gmt":"2026-06-06T10:45:26","slug":"cisa-adds-actively-exploited-solarwinds-serv-u-dos-flaw-to-kev-catalog","status":"publish","type":"post","link":"https:\/\/thedigitalfortress.us\/?p=1200","title":{"rendered":"CISA Adds Actively Exploited SolarWinds Serv-U DoS Flaw to KEV Catalog"},"content":{"rendered":"<div>\n<p><span class=\"p-author\"><i class=\"icon-font icon-user\">\ue804<\/i><span class=\"author\">Ravie Lakshmanan<\/span><i class=\"icon-font icon-calendar\">\ue802<\/i><span class=\"author\">Jun 06, 2026<\/span><\/span><span class=\"p-tags\">Vulnerability \/ Patch Management<\/span><\/p>\n<\/div>\n<div id=\"articlebody\">\n<div class=\"separator\" style=\"clear: both;\"><a href=\"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEiQ_ZbsHhh5kUS5501itVSeBa91H50qNfHH_PQ1_2WEDLi-B_eKslYeu1_43fNAW55Z9TVR5ae8ZIGDm4vZQS0B7IHvG9Gdp4Knzt8QB1E7317tyEVhJYR8xo1HJ_vf6Ynrdtfj_u-pcryZ5NVulL7vw_9KLaGomIjKe40GYClUu-FDtXXwuKAfK7V8mKN-\/s1700-e365\/solarwinds-serv-u.jpg\" style=\"display: block;  text-align: center; clear: left; float: left;\"><\/a><\/div>\n<p>The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has <a href=\"https:\/\/www.cisa.gov\/news-events\/alerts\/2026\/06\/05\/cisa-adds-one-known-exploited-vulnerability-catalog\">added<\/a> a high-severity security flaw impacting SolarWinds Serv-U  multi-protocol file server software to its Known Exploited Vulnerabilities (<a href=\"https:\/\/www.cisa.gov\/known-exploited-vulnerabilities-catalog\">KEV<\/a>) catalog, citing evidence of active exploitation.<\/p>\n<p>The vulnerability, tracked as CVE-2026-28318 (CVSS score: 7.5), is a denial-of-service (DoS) bug that causes the service to crash under certain conditions. CISA described it as an uncontrolled resource consumption vulnerability that results in a DoS condition.<\/p>\n<p>\u00abSolarWinds Serv-U is susceptible to specially crafted POST requests that crash the Serv-U service without authentication using Content-Encoding: deflate,\u00bb SolarWinds <a href=\"https:\/\/www.solarwinds.com\/trust-center\/security-advisories\/cve-2026-28318\">said<\/a> in an advisory released earlier this week.<\/p>\n<div class=\"dog_two clear\">\n<div class=\"cf\"><a href=\"https:\/\/thehackernews.uk\/vpn-threat-report-m\" rel=\"nofollow noopener sponsored\" target=\"_blank\"><img loading=\"lazy\" decoding=\"async\" class=\"lazyload\" alt=\"Cybersecurity\" src=\"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEhFlTC7RrRZGiFAgASS0noWSL0qsQGFVp8-Hvuw9yp3X3VKRuTcb5SsPX09wJzrdIM6pu1_5lS4EeZp7Sx4iYBpNJkrGnpr08yyaS1HQ5_5TxaCsP6O0OtHNuOkesn6CbNjao1GPulCJk-uljYMSfMZfBYNrngpe669t7jlRn1FqiEnXhsFD1WVkpaYIVgh\/s728-e100\/ai-d.jpg\" width=\"729\" height=\"91\"\/><\/a><\/div>\n<\/div>\n<p>The issue has been addressed in SolarWinds Serv-U version 15.5.4 HF1. As mitigations, it&#8217;s advised to limit access to known addresses and block any request containing \u00abcontent-encoding\u00bb since the vulnerable service does not require this functionality.<\/p>\n<p>There are currently no details on how the vulnerability is being exploited in real-world attacks, or who is behind them. It&#8217;s also unclear how many internet-exposed Serv-U instances are compromised, if any.<\/p>\n<p>CISA has ordered Federal Civilian Executive Branch (FCEB) agencies to address the flaw by June 19, 2026. In the past, multiple flaws in Serv-U have been exploited by bad actors, including those associated with the <a href=\"https:\/\/www.nccgroup.com\/research\/ta505-exploits-solarwinds-serv-u-vulnerability-cve-2021-35211-for-initial-access\/\">Cl0p ransomware gang<\/a>.<\/p>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>\ue804Ravie Lakshmanan\ue802Jun 06, 2026Vulnerability \/ Patch Management The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a high-severity security flaw impacting SolarWinds Serv-U multi-protocol file server software to its&hellip;<\/p>\n","protected":false},"author":1,"featured_media":1201,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[201,200,204,62,1532,128,70,203,59,56],"class_list":["post-1200","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-uncategorized","tag-actively","tag-adds","tag-catalog","tag-cisa","tag-dos","tag-exploited","tag-flaw","tag-kev","tag-servu","tag-solarwinds"],"_links":{"self":[{"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=\/wp\/v2\/posts\/1200","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1200"}],"version-history":[{"count":0,"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=\/wp\/v2\/posts\/1200\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=\/wp\/v2\/media\/1201"}],"wp:attachment":[{"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1200"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1200"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1200"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}