[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$f3nKy8MRaAcXvEXYXggjr9un_EOGh0HVKKnT_8tFlXzM":3},{"article":4,"iocs":50},{"id":5,"title":6,"slug":7,"summary":8,"ai_summary":9,"brief":10,"full_text":11,"url":12,"image_url":13,"published_at":14,"ingested_at":15,"relevance_score":16,"entities":17,"category_id":29,"category":30,"article_tags":34},"823ae13d-5103-4527-9eda-c0ef7185efb0","CISA: Hackers now exploit SolarWinds Serv-U flaw to crash servers","cisa-hackers-now-exploit-solarwinds-serv-u-flaw-to-crash-servers-beb62a","CISA warned today that hackers are now actively exploiting a recently patched high-severity SolarWinds Serv-U flaw to crash servers. [...]","The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned that hackers are actively exploiting a recently patched high-severity denial-of-service vulnerability (CVE-2026-28318) in SolarWinds Serv-U file transfer software. The flaw stems from uncontrolled resource consumption and allows unauthenticated remote attackers to crash servers via specially crafted POST requests. CISA added the vulnerability to its Known Exploited Vulnerabilities Catalog and ordered federal agencies to patch by June 19, while urging the private sector to secure their networks immediately.","CISA warns hackers actively exploit SolarWinds Serv-U denial-of-service flaw CVE-2026-28318","CISA: Hackers now exploit SolarWinds Serv-U flaw to crash servers By Sergiu Gatlan June 5, 2026 03:15 PM The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned today that hackers are now actively exploiting a recently patched high-severity SolarWinds Serv-U flaw to crash servers. Serv-U is the company's Windows and Linux file transfer software that offers Managed File Transfer (MFT) and FTP server capabilities, which allow users to securely exchange files via HTTP\u002FHTTPS, FTP, FTPS, and SFTP. 
SolarWinds released Serv-U 15.5.4 Hotfix 1 on Thursday to patch this denial-of-service vulnerability (tracked as CVE-2026-28318) and said it stems from an uncontrolled resource consumption weakness. \"SolarWinds Serv-U is susceptible to specially crafted POST requests that crash the Serv-U service without authentication using Content-Encoding: deflate,\" the company said. Remote attackers can exploit the security flaw without privileges in low-complexity attacks that don't require user interaction. SolarWinds also advised admins who can't immediately deploy the patch to limit access to known addresses and to block any POST request containing \"content-encoding,\" since the vulnerable Serv-U service does not require this functionality. The Internet intelligence platform Shodan currently tracks over 12,000 Serv-U servers exposed online, and Internet security watchdog Shadowserver just over 3,100, but there is no information on how many have already been patched. Serv-U servers exposed online (Shodan) Days after SolarWinds addressed the vulnerability, CISA flagged it as exploited in the wild and added it to the Known Exploited Vulnerabilities Catalog, ordering all Federal Civilian Executive Branch agencies to patch their servers against ongoing attacks by June 19, as mandated by Binding Operational Directive (BOD) 22-01. While BOD 22-01 applies only to U.S. government agencies, the cybersecurity agency also urged all network defenders, including the private sector, to secure their networks against ongoing CVE-2026-28318 attacks as soon as possible. \"This type of vulnerability is a frequent attack vector for malicious cyber actors and poses significant risks to the federal enterprise,\" CISA warned. 
\"Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.\" In recent years, multiple cybercrime and state-backed hacking groups have targeted vulnerabilities in Serv-U to steal sensitive corporate and customer data. For instance, the Clop ransomware gang exploited a Serv-U remote code execution vulnerability (CVE-2021-35211) to breach corporate networks in a 2021 campaign. DEV-0322 Chinese hackers also deployed CVE-2021-35211 exploits in zero-day attacks starting in July 2021. More recently, in June 2024, cybersecurity companies GreyNoise and Rapid7 tagged a Serv-U path-traversal vulnerability (CVE-2024-28995) as actively exploited. Over the past several years, CISA has tagged 11 vulnerabilities across various SolarWinds products as actively exploited in attacks, one of which has also been abused by ransomware gangs.","https:\u002F\u002Fwww.bleepingcomputer.com\u002Fnews\u002Fsecurity\u002Fcisa-hackers-now-exploit-solarwinds-serv-u-flaw-to-crash-servers\u002F","https:\u002F\u002Fwww.bleepstatic.com\u002Fcontent\u002Fhl-images\u002F2026\u002F01\u002F28\u002FSolarWinds.jpg","2026-06-05T19:15:30+00:00","2026-06-05T20:00:08.752792+00:00",9,[18,21,24,27],{"name":19,"type":20},"SolarWinds","vendor",{"name":22,"type":23},"Serv-U","product",{"name":25,"type":26},"Clop","threat_actor",{"name":28,"type":26},"DEV-0322","80544778-fabb-4dcd-aa35-17492e5dcf4f",{"id":29,"icon":31,"name":32,"slug":33},null,"Vulnerabilities","vulnerabilities",[35,40,45],{"category":36},{"id":37,"icon":31,"name":38,"slug":39},"26b0b636-0e31-4db1-bffb-61bdf9f20a58","Supply Chain","supply-chain",{"category":41},{"id":42,"icon":31,"name":43,"slug":44},"574f766a-fb3f-487c-8d2c-0720ae75471b","Zero-day","zero-day",{"category":46},{"id":47,"icon":31,"name":48,"slug":49},"89f78b1c-3503-45a1-9fc7-e23d2ce1c6d5","Malware","malware",[51,55,58],{"type":52,"value":53,"context":54},"cve","CVE-2026-28318","SolarWinds Serv-U denial-of-service vulnerability actively exploited in the wild",{"type":52,"value":56,"context":57},"CVE-2021-35211","SolarWinds Serv-U RCE vulnerability previously exploited by Clop and DEV-0322",{"type":52,"value":59,"context":60},"CVE-2024-28995","SolarWinds Serv-U path-traversal vulnerability actively exploited in June 2024"]