CISA Adds High-Severity SolarWinds Serv-U DoS Flaw to KEV Catalog Amid Active Exploitation
The **U.S. Cybersecurity and Infrastructure Security Agency (CISA)** has issued a stern warning, adding a high-severity denial-of-service (DoS) vulnerability in **SolarWinds Serv-U** multi-protocol file server software to its **Known Exploited Vulnerabilities (KEV)** catalog. Tracked as **CVE-2026-28318**, this flaw is actively being exploited in the wild, necessitating immediate attention from IT security professionals and system administrators.

### CISA Warns of Active Exploitation
**CISA** recently updated its **KEV** catalog to include the flaw affecting **SolarWinds Serv-U** multi-protocol file server software. A KEV listing signals confirmed exploitation in real-world attacks, so organizations should prioritize patching and mitigation.
### Understanding CVE-2026-28318: A DoS Threat
The vulnerability, identified as **CVE-2026-28318**, carries a CVSS score of 7.5, classifying it as high-severity. It manifests as an uncontrolled resource consumption flaw, leading to a denial-of-service (DoS) condition.
According to **SolarWinds**, the **Serv-U** service can crash without authentication when subjected to "specially crafted POST requests using `Content-Encoding: deflate`." This means a remote attacker could potentially render the service unavailable, disrupting critical file transfer operations and impacting business continuity.
### Immediate Action Required: Patching and Mitigations
**SolarWinds** has released a patch for this issue in **SolarWinds Serv-U** version 15.5.4 HF1. All users are strongly advised to upgrade to this patched version immediately.
For those unable to patch instantly, interim mitigations include:
* Limiting access to **Serv-U** instances to known and trusted IP addresses.
* Blocking any incoming requests containing a "content-encoding" header, as this functionality is not required by the vulnerable service and its presence indicates a potential attack vector.
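
The two interim mitigations above, combined into one filtering decision that could sit in a reverse-proxy hook or be run over captured request heads. This is an added example, not code from SolarWinds or CISA; the allowlist ranges, host name and paths are constructed placeholders.

```python
import ipaddress

# Assumed allowlist for illustration (documentation address ranges).
TRUSTED_NETS = [ipaddress.ip_network(n) for n in ("192.0.2.0/24", "198.51.100.10/32")]

def header_names(raw_head: bytes) -> set[str]:
    """Return lower-cased header names from a raw HTTP request head."""
    # Normalise line endings, then keep only the part before the blank line
    # so that text inside the body is never mistaken for a header.
    head = raw_head.replace(b"\r\n", b"\n").split(b"\n\n", 1)[0]
    names = set()
    for line in head.split(b"\n")[1:]:      # skip the request line
        if line[:1] in (b" ", b"\t"):       # folded continuation, not a new header
            continue
        name, sep, _ = line.partition(b":")
        if sep:
            # strip() also catches "Content-Encoding : deflate" style spacing
            names.add(name.strip().decode("latin-1").lower())
    return names

def decide(src_ip: str, raw_head: bytes, trusted=TRUSTED_NETS) -> str:
    """Apply mitigation 1 (trusted sources only), then mitigation 2 (no Content-Encoding)."""
    addr = ipaddress.ip_address(src_ip)
    if not any(addr in net for net in trusted):
        return "block: untrusted source"
    if "content-encoding" in header_names(raw_head):
        return "block: content-encoding present"
    return "allow"

# Constructed sample requests (not captured traffic).
SAMPLES = [
    ("192.0.2.15", b"GET / HTTP/1.1\r\nHost: files.example\r\n\r\n"),
    ("192.0.2.15", b"POST /upload HTTP/1.1\r\nHost: files.example\r\n"
                   b"content-ENCODING: deflate\r\nContent-Length: 4\r\n\r\nabcd"),
    ("203.0.113.7", b"GET / HTTP/1.1\r\nHost: files.example\r\n\r\n"),
    # Header-looking text in the body must not trigger the rule.
    ("192.0.2.15", b"POST /note HTTP/1.1\r\nHost: files.example\r\n\r\n"
                   b"Content-Encoding: deflate"),
]

if __name__ == "__main__":
    for ip, head in SAMPLES:
        print(ip, "->", decide(ip, head))
```

The header check is case-insensitive and applies to any `Content-Encoding` value, matching the guidance to block the header outright rather than only `deflate`.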
### CISA's Directive and Historical Precedent
While specific details on the current exploitation campaigns, including the identities of threat actors or the number of compromised instances, remain undisclosed, **CISA** has mandated that all Federal Civilian Executive Branch (FCEB) agencies apply the fix for **CVE-2026-28318** by June 19, 2026.
This isn't the first time **Serv-U** has been targeted. The software has a history of critical vulnerabilities being exploited by sophisticated threat actors. Notably, flaws in **Serv-U** have previously been leveraged by groups including state-sponsored entities and ransomware gangs such as the infamous **Cl0p ransomware gang**. This history underscores the paramount importance of keeping **Serv-U** installations up-to-date and securely configured to protect against evolving threats.