{"id":266228,"date":"2026-06-06T17:53:00","date_gmt":"2026-06-06T21:53:00","guid":{"rendered":"https:\/\/news-you-need.com\/index.php\/2026\/06\/06\/u-s-cisa-adds-solarwinds-serv-u-flaw-to-its-known-exploited-vulnerabilities-catalog\/"},"modified":"2026-06-06T20:55:12","modified_gmt":"2026-06-07T00:55:12","slug":"u-s-cisa-adds-solarwinds-serv-u-flaw-to-its-known-exploited-vulnerabilities-catalog","status":"publish","type":"post","link":"https:\/\/news-you-need.com\/index.php\/2026\/06\/06\/u-s-cisa-adds-solarwinds-serv-u-flaw-to-its-known-exploited-vulnerabilities-catalog\/","title":{"rendered":"U.S. CISA adds SolarWinds Serv-U flaw to its Known Exploited Vulnerabilities catalog"},"content":{"rendered":"

U.S. CISA adds SolarWinds Serv-U flaw to its Known Exploited Vulnerabilities catalog<\/a><\/p>\n

https:\/\/securityaffairs.com\/193245\/security\/u-s-cisa-adds-solarwinds-serv-u-flaw-to-its-known-exploited-vulnerabilities-catalog.html<\/a><\/p>\n

Publish Date: 2026-06-06 17:53:00<\/a><\/p>\n

Source Domain: securityaffairs.com<\/a><\/p>\n

U.S. CISA adds SolarWinds Serv-U flaw to its Known Exploited Vulnerabilities catalog<\/h2>\n<\/p>\n

\t\t\t\t\t\t\t Pierluigi Paganini<\/span>
\n\t\t\t\t\t\t\t\"\"\/ June 06, 2026<\/span><\/p>\n

\t\t\t\t\t\t\"\"\/<\/p>\n

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds SolarWinds Serv-U flaw to its Known Exploited Vulnerabilities catalog.<\/h2>\n

The U.S. Cybersecurity and Infrastructure Security Agency (CISA)\u00a0added SolarWinds Serv-U flaw, tracked as CVE-2026-28318 (CVSS ver 3.1 score of 7.5), to its Known Exploited Vulnerabilities (KEV) catalog. SolarWinds Serv-U is a managed file transfer (MFT) and secure file server platform developed by SolarWinds<\/p>\n

The CVE-2026-28318 flaw is an unauthenticated denial-of-service (DoS) vulnerability affecting SolarWinds Serv-U. The issue allows a remote attacker to send a specially crafted HTTP POST request using the Content-Encoding: deflate header, causing the Serv-U service to crash without requiring valid credentials. <\/p>\n

Successful exploitation can disrupt file transfer operations and make the service unavailable to legitimate users. SolarWinds has released security updates to address the vulnerability and recommends applying them as soon as possible. For organizations unable to deploy the patch immediately, mitigation measures are available through the SolarWinds Trust Center.<\/p>\n

\u201cSolarWinds Serv-U is susceptible to specially crafted POST requests that crash the Serv-U service without authentication using Content-Encoding: deflate.\u201d reads the advisory.<\/p>\n

The flaw affects SolarWinds Serv-U 15.5.4 and earlier; Serv-U 15.5.4 HF1 addressed the issue.<\/p>\n

According to\u00a0Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities, FCEB agencies have to address the identified vulnerabilities by the due date to protect their networks against attacks exploiting the flaws in the catalog.<\/p>\n

Experts also recommend that private organizations review the\u00a0Catalog\u00a0and address the vulnerabilities in their…<\/p>\n

Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

U.S. CISA adds SolarWinds Serv-U flaw to its Known Exploited Vulnerabilities catalog https:\/\/securityaffairs.com\/193245\/security\/u-s-cisa-adds-solarwinds-serv-u-flaw-to-its-known-exploited-vulnerabilities-catalog.html Publish Date:…<\/p>\n","protected":false},"author":1,"featured_media":266229,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/securityaffairs.com\/wp-content\/uploads\/2020\/07\/CISA.jpeg","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[24,27],"class_list":["post-266228","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-cybersecurity","tag-vulnerability"],"_links":{"self":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/266228"}],"collection":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=266228"}],"version-history":[{"count":1,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/266228\/revisions"}],"predecessor-version":[{"id":266230,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/266228\/revisions\/266230"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/266229"}],"wp:attachment":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=266228"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=266228"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=266228"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}