CISA Warns of Actively Exploited SolarWinds Serv-U Flaw

A critical vulnerability (CVE-2026-28318) has been discovered in SolarWinds Serv-U, allowing attackers to crash servers through specially crafted POST requests without authentication. Added to the CISA's Known Exploited Vulnerabilities catalog, it poses high risks to corporate networks, prompting a federal mandate for remediation by June 19, 2026. Administrators are urged to upgrade to version 15.5.4 HF1 or implement firewall controls to block specific types of web requests acting as the attack vector.