CISA says hackers are now actively exploiting a recently patched SolarWinds Serv-U bug to crash exposed file-transfer servers. The flaw, CVE-2026-28318, affects SolarWinds Serv-U MFT and FTP software on Windows and Linux and can be triggered without authentication using specially crafted POST requests with Content-Encoding: deflate; SolarWinds fixed it in Serv-U 15.5.4 Hotfix 1 and advised admins who cannot patch to restrict access and block such requests.
Why it matters: Organizations running internet-exposed Serv-U servers, including federal agencies ordered to remediate by June 19, could face service outages right now. If you use Serv-U, patch immediately or apply SolarWinds' temporary filtering and access restrictions, and check for signs of attempted abuse.
Ionut Arghire
2026.06.08
98% relevant
This is the same underlying event: active exploitation of SolarWinds Serv-U CVE-2026-28318. The article adds patch timing details, notes the fix is Serv-U 15.5.4 Hotfix 1, explains the unauthenticated specially crafted POST request with the 'Content-Encoding: deflate' header, and reiterates affected/EoL versions and CISA's June 19 federal patch deadline.
info@thehackernews.com (The Hacker News)
2026.06.06
99% relevant
It covers the same underlying event: CISA adding the actively exploited SolarWinds Serv-U flaw CVE-2026-28318 to the Known Exploited Vulnerabilities catalog, reinforcing the exploitation status and remediation urgency for affected organizations.
Sergiu Gatlan
2026.06.05
100% relevant
This article establishes a new tracked story because it is the first item here tying SolarWinds Serv-U CVE-2026-28318 to active exploitation and CISA KEV inclusion.