CISA Warns of Actively Exploited DoS Vulnerability in SolarWinds Serv-U File Transfer Servers

The US Cybersecurity and Infrastructure Security Agency (CISA) confirmed that attackers are actively exploiting a denial-of-service (DoS) vulnerability (CVE-2026-28318) in SolarWinds Serv-U file transfer servers. The flaw is classified as an uncontrolled resource consumption vulnerability, allowing remote, unauthenticated attackers to trigger crashes. CISA has mandated US federal civilian agencies to remediate the issue by June 19, 2026, either through patching or implementing mitigations. The vulnerability affects SolarWinds Serv-U software, though specific versions are not detailed in the notice. No additional technical impact beyond server crashes is explicitly stated.