CISA Adds Actively Exploited SolarWinds Serv-U DoS Vulnerability to KEV Catalog

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a high-severity denial-of-service (DoS) vulnerability in SolarWinds Serv-U multi-protocol file server software to its Known Exploited Vulnerabilities (KEV) catalog. The flaw, tracked as CVE-2026-28318 with a CVSS score of 7.5, is actively being exploited in the wild. The vulnerability causes the Serv-U service to crash, disrupting file server operations. No specific exploitation timeline or affected versions were disclosed in the notice. CISA’s inclusion in the KEV catalog indicates confirmed malicious activity targeting this flaw.