CISA warns of active SolarWinds ServU exploit CVE-2026-28318

ON June 5, 2026, CISA added a new vulnerability, CVE-2026-28318, to its Known Exploited Vulnerabilities (KEV) Catalog due to evidence of active exploitation. This vulnerability, associated with SolarWinds Serv-U, represents a significant risk to federal enterprises. Under Binding Operational Directive 22-01, FCEB agencies are required to remediate identified vulnerabilities to protect against cyber threats. CISA encourages all organizations to prioritize the timely remediation of vulnerabilities in the KEV Catalog.