THE US cybersecurity agency CISA has issued a warning regarding attacks exploiting a recently patched vulnerability in SolarWinds' Serv-U software, tracked as CVE-2026-28318, which has a CVSS score of 7.5. This denial-of-service vulnerability can be exploited through specially crafted POST requests and does not require authentication. SolarWinds has released a hotfix to address this issue, urging users, particularly those on older, unsupported versions, to upgrade immediately.
While there are no confirmed instances of this vulnerability being exploited in the wild, it has been added to CISA's Known Exploited Vulnerabilities catalog, emphasizing its potential risk. CISA recommends that federal agencies apply the patch by June 19 to mitigate threats.