THE U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added the SolarWinds Serv-U vulnerability, tracked as CVE-2026-28318, to its Known Exploited Vulnerabilities catalog. This unauthenticated denial-of-service (DoS) vulnerability affects versions 15.5.4 and earlier of SolarWinds Serv-U, allowing remote attackers to crash the service with specially crafted HTTP POST requests.
CISA has mandated federal agencies to address this vulnerability by June 19, 2026, while SolarWinds has issued security updates and recommended immediate application. Organizations are also encouraged to review CISA's catalog for vulnerabilities in their systems.