SolarWinds Serv-U Unauthenticated Denial of Service Vulnerability
CVE-2026-28318
Key Information:
- Vendor
Solarwinds
- Status
- Vendor
- CVE Published:
- 4 June 2026
Badges
What is CVE-2026-28318?
false
CISA has reported CVE-2026-28318
CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitor the most dangerious vulnerabilities and have identifed CVE-2026-28318 as being exploited but is not known by the CISA to be used in ransomware campaigns. This is subject to change at pace
The CISA's recommendation is: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.
Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.
Affected Version(s)
Serv-U Windows 15.5.4 and previous versions
News Articles
CISA Alerts on Actively Exploited SolarWinds Serv-U Denial-of-Service Flaw - IT Security News
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has officially added a critical vulnerability in SolarWinds Serv-U to its Known Exploited Vulnerabilities (KEV) catalog. Tracked as CVE-2026-28318, this flaw allows unauthenticated threat actors to remotely crash the file transfer serv...
2 days ago
CISA Warns of SolarWinds Serv-U Vulnerability Exploited in Attacks - IT Security News
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical SolarWinds Serv-U vulnerability to its Known Exploited Vulnerabilities (KEV) catalog, warning that threat actors are actively exploiting the flaw in the wild. Tracked as CVE-2026-28318, the vulnerability affects…Re...
2 days ago
CISA Adds Actively Exploited SolarWinds Serv-U DoS Flaw to KEV Catalog
CISA added CVE-2026-28318, a high-severity SolarWinds Serv-U DoS flaw, to its KEV catalog after evidence of active exploitation.
2 days ago
References
EPSS Score
6% chance of being exploited in the next 30 days.
CVSS V3.1
Timeline
- 📈
Vulnerability started trending
- 👾
Exploit known to exist
- 🦅
CISA Reported
- 📰
First article discovered by BleepingComputer
Vulnerability published
Vulnerability Reserved