SolarWinds Serv-U advisory and mitigations for CVE-2026-28318
Advisory/Mitigation
Summary
Hide ▲
Show ▼
SolarWinds Serv-U mitigation guidance now covers CVE-2026-28318, reducing unauthenticated DoS risk from specially crafted POST requests. SolarWinds says the flaw is addressed in version 15.5.4 HF1 and recommends limiting access to known addresses. Operators should also block requests containing "content-encoding" because the service does not require that functionality.
Related Happenings
CISA KEV order for SolarWinds Serv-U CVE-2026-28318
Public Sector Action
First: 06.06.2026 11:14
Last: 06.06.2026 11:14
Sources 1
How related:
CISA has ordered Federal Civilian Executive Branch (FCEB) agencies to address the flaw by June 19, 2026.
About this happening:
**CISA** added **CVE-2026-28318** affecting **SolarWinds Serv-U** to the **KEV catalog** and ordered **FCEB agencies** to remediate it by **June 19, 2026**. The directive expands...
CISA KEV order for SolarWinds Serv-U CVE-2026-28318
Public Sector ActionHow related: CISA has ordered Federal Civilian Executive Branch (FCEB) agencies to address the flaw by June 19, 2026.
About this happening: **CISA** added **CVE-2026-28318** affecting **SolarWinds Serv-U** to the **KEV catalog** and ordered **FCEB agencies** to remediate it by **June 19, 2026**. The directive expands...
SolarWinds Serv-U denial-of-service flaw actively exploited (CVE-2026-28318)
Vulnerability
First: 05.06.2026 22:15
Last: 05.06.2026 22:15
Sources 1
How related:
The vulnerability, tracked as CVE-2026-28318 (CVSS score: 7.5), is a denial-of-service (DoS) bug that causes the service to crash under certain conditions.
About this happening:
**CISA** added **CVE-2026-28318** affecting **SolarWinds Serv-U** to the **Known Exploited Vulnerabilities (KEV) catalog** after evidence of **active exploitation**. The **high-se...
SolarWinds Serv-U denial-of-service flaw actively exploited (CVE-2026-28318)
VulnerabilityHow related: The vulnerability, tracked as CVE-2026-28318 (CVSS score: 7.5), is a denial-of-service (DoS) bug that causes the service to crash under certain conditions.
About this happening: **CISA** added **CVE-2026-28318** affecting **SolarWinds Serv-U** to the **Known Exploited Vulnerabilities (KEV) catalog** after evidence of **active exploitation**. The **high-se...
SolarWinds security patch release for CVE-2026-28318
Security Patch Release
First: 05.06.2026 22:15
Last: 05.06.2026 22:15
Sources 1
About this happening:
SolarWinds released **Serv-U 15.5.4 Hotfix 1** for **CVE-2026-28318**, an **actively exploited** denial-of-service flaw that can crash exposed **Serv-U** servers. The update fixes...
SolarWinds security patch release for CVE-2026-28318
Security Patch ReleaseAbout this happening: SolarWinds released **Serv-U 15.5.4 Hotfix 1** for **CVE-2026-28318**, an **actively exploited** denial-of-service flaw that can crash exposed **Serv-U** servers. The update fixes...
Cisco security patch release for CVE-2026-20184
Security Patch Release
First: 16.04.2026 14:27
Last: 16.04.2026 14:27
Sources 1
About this happening:
**Cisco** released patches for **four critical flaws** affecting **Identity Services Engine (ISE)**, **ISE-PIC**, and **Webex Services**, closing paths to **arbitrary code executi...
Cisco security patch release for CVE-2026-20184
Security Patch ReleaseAbout this happening: **Cisco** released patches for **four critical flaws** affecting **Identity Services Engine (ISE)**, **ISE-PIC**, and **Webex Services**, closing paths to **arbitrary code executi...
Fortinet FortiClient EMS emergency patch release (CVE-2026-35616, CVE-2026-21643)
Security Patch Release
First: 07.04.2026 12:26
Last: 07.04.2026 12:26
Sources 1
About this happening:
**Fortinet FortiClient EMS** is a **security-patch release** happening centered on **CVE-2026-35616** and **CVE-2026-21643**. Fortinet issued an **out-of-band emergency hotfix** a...
Fortinet FortiClient EMS emergency patch release (CVE-2026-35616, CVE-2026-21643)
Security Patch ReleaseAbout this happening: **Fortinet FortiClient EMS** is a **security-patch release** happening centered on **CVE-2026-35616** and **CVE-2026-21643**. Fortinet issued an **out-of-band emergency hotfix** a...
Latest development: 28.05.2026 18:26
Arctic Wolf observed threat actors abusing FortiClient Endpoint Management Server (EMS) and CVE-2026-35616 in May 2026 to modify EMS-managed configuration, disguise FortiEndpoint_Patch.exe as a Fortinet endpoint update, and use fortitray.exe, cmd.exe, and a Base64-encoded PowerShell chain to download malware and exfiltrate browser data to 83.138.53[.]110.
Timeline
-
06.06.2026 11:14 2 articles · 3h ago
CISA flags active exploitation of SolarWinds Serv-U CVE-2026-28318 and SolarWinds issues a fix
Mitigation Patch UpdateCISA added CVE-2026-28318 affecting SolarWinds Serv-U multi-protocol file server software to its Known Exploited Vulnerabilities catalog after evidence of active exploitation. SolarWinds said specially crafted POST requests using Content-Encoding: deflate can crash the Serv-U service without authentication, and the issue is addressed in SolarWinds Serv-U version 15.5.4 HF1. Operators are advised to limit access to known addresses and block requests containing content-encoding, while FCEB agencies must address the flaw by June 19, 2026.
Show sources
- CISA Adds Actively Exploited SolarWinds Serv-U DoS Flaw to KEV Catalog — thehackernews.com — 06.06.2026 11:14
- CISA Adds Actively Exploited SolarWinds Serv-U DoS Flaw to KEV Catalog — thehackernews.com — 06.06.2026 11:14