SolarWinds Serv-U denial-of-service flaw (CVE-2026-28318) exploited in the wild

malware | open | Jun 5, 2026 — Jun 8, 2026
A denial‑of‑service flaw in SolarWinds Serv‑U, tracked as CVE‑2026‑28318, is being actively exploited in the wild, according to recent alerts reported by SecurityWeek.

The vulnerability carries a CVSS score of 7.5 and allows unauthenticated attackers to exhaust system resources through specially crafted POST requests to the Serv‑U web interface, as detailed by securityonline.info.

SolarWinds issued a hotfix on June 5, and the flaw was promptly added to the CISA Known Exploited Vulnerabilities catalogue on the same day.

CISA urged federal agencies to apply the patch by June 19, noting that exploitation was seen between June 5 and June 8. A weekly threat‑intelligence summary logged 1,701 new vulnerabilities in early June while flagging active use of this Serv‑U issue in the wild.

Defenders should install the hotfix on every internet‑facing Serv‑U host, move management interfaces behind a firewall or VPN, and watch web logs for repeated or unusually large POST payloads that could signal ongoing attempts.
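
One way to run the web-log check described above, as an added example that is not SolarWinds or CISA tooling. It assumes a simplified, constructed log format (timestamp, client IP, method, path, status, request bytes) rather than Serv-U's actual log layout, time-ordered entries, and illustrative thresholds that need tuning per host.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed thresholds, not vendor guidance; tune to the host's normal traffic.
MAX_POSTS_PER_WINDOW = 3
WINDOW = timedelta(seconds=10)
LARGE_BODY_BYTES = 1_000_000

# Constructed sample lines in an assumed format (not Serv-U's real log layout):
# ISO-timestamp client-ip method path status request-bytes
SAMPLE_LOG = """\
2026-06-06T10:00:00 198.51.100.10 GET /placeholder 200 0
2026-06-06T10:00:00 198.51.100.10 POST /placeholder 200 420
2026-06-06T10:00:01 203.0.113.7 POST /placeholder 200 300
2026-06-06T10:00:02 203.0.113.7 POST /placeholder 200 300
2026-06-06T10:00:03 203.0.113.7 POST /placeholder 500 300
2026-06-06T10:00:04 203.0.113.7 POST /placeholder 500 300
2026-06-06T10:00:08 192.0.2.44 POST /placeholder 200 5000000
2026-06-06T10:00:09 - - truncated
"""

def parse(line):
    """Return (time, ip, method, request_bytes), or None for malformed lines."""
    parts = line.split()
    if len(parts) != 6:
        return None
    try:
        return datetime.fromisoformat(parts[0]), parts[1], parts[2], int(parts[5])
    except ValueError:
        return None

def find_suspects(log_text):
    """Map client IP -> set of reasons ('burst', 'large') it was flagged."""
    recent = defaultdict(list)   # ip -> timestamps of POSTs still inside WINDOW
    suspects = defaultdict(set)
    for line in log_text.splitlines():
        rec = parse(line)
        if rec is None or rec[2] != "POST":
            continue
        ts, ip, _, size = rec
        if size >= LARGE_BODY_BYTES:
            suspects[ip].add("large")
        # Sliding window: keep only this client's POSTs from the last WINDOW.
        recent[ip] = [t for t in recent[ip] if ts - t <= WINDOW] + [ts]
        if len(recent[ip]) > MAX_POSTS_PER_WINDOW:
            suspects[ip].add("burst")
    return dict(suspects)

if __name__ == "__main__":
    print(find_suspects(SAMPLE_LOG))
```
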

Keeping an accurate asset inventory helps verify patch coverage, and disabling unused services reduces the attack surface. Following vendor bulletins and CISA advisories, with an incident‑response plan ready, ensures that future risks are caught early.

Intelligence briefing updated Jun 10, 2026

CVE-2026-10621 (7.5); CVE-2026-28318 (7.5, KEV)
Root source: help.openai.com