Ethical Hacking News
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning that hackers are actively exploiting a recently patched high-severity vulnerability in the SolarWinds Serv-U software to crash servers, highlighting the importance of keeping systems up-to-date with the latest security patches.
Hackers are exploiting a recently patched high-severity vulnerability in SolarWinds Serv-U software to crash servers. The vulnerability (CVE-2026-28318) is due to an uncontrolled resource consumption weakness that can be exploited by remote attackers without user interaction. SolarWinds has released a patch for the vulnerability, and CISA urges all network defenders to secure their networks against ongoing attacks as soon as possible. There are over 12,000 exposed Serv-U servers online, but no information on how many have been patched yet. CISA flagged the vulnerability as exploited in the wild and added it to the Known Exploited Vulnerabilities Catalog.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning that hackers are actively exploiting a recently patched high-severity vulnerability in the SolarWinds Serv-U software to crash servers. The vulnerability, tracked as CVE-2026-28318, is due to an uncontrolled resource consumption weakness that can be exploited by remote attackers without requiring user interaction.
SolarWinds released Serv-U 15.5.4 Hotfix 1 on Thursday to patch this denial-of-service vulnerability and stated that it stems from an uncontrolled resource consumption weakness. The company advised administrators who cannot immediately deploy the patch to limit access to known addresses and block any POST request containing "content-encoding," since the vulnerable Serv-U service does not require this functionality.
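The interim mitigation above, written as filtering logic that an inspection layer in front of Serv-U could apply. This is an added example, not SolarWinds or CISA code. It assumes "content-encoding" refers to the HTTP request header. The allowlist networks, function names and sample requests are constructed.

```python
import ipaddress

# Constructed allowlist (documentation ranges); replace with your known client networks.
ALLOWED_NETS = [ipaddress.ip_network(n) for n in ("192.0.2.0/24", "2001:db8::/32")]


def parse_head(raw: bytes):
    """Return (method, header-name set) from a raw HTTP/1.x request head."""
    # Tolerate bare-LF line endings so odd framing cannot hide a header.
    head = raw.replace(b"\r\n", b"\n").split(b"\n\n", 1)[0].decode("iso-8859-1")
    lines = head.split("\n")
    method = lines[0].split(" ", 1)[0].strip().upper()
    names = set()
    for line in lines[1:]:
        name, sep, _ = line.partition(":")
        if sep:
            # Header names are case-insensitive; strip stray whitespace too.
            names.add(name.strip().lower())
    return method, names


def decide(src_ip: str, raw: bytes) -> str:
    """Apply both interim mitigations: source allowlist, then the POST rule."""
    try:
        addr = ipaddress.ip_address(src_ip)
    except ValueError:
        return "deny:bad-source"
    if not any(addr in net for net in ALLOWED_NETS):
        return "deny:source-not-allowlisted"
    method, names = parse_head(raw)
    if method == "POST" and "content-encoding" in names:
        return "deny:post-with-content-encoding"
    return "allow"


# Constructed sample requests (the path is a placeholder).
SAMPLES = [
    ("192.0.2.10", b"POST /placeholder HTTP/1.1\r\nHost: sftp.example\r\ncontent-ENCODING : gzip\r\n\r\n"),
    ("192.0.2.10", b"POST /placeholder HTTP/1.1\r\nHost: sftp.example\r\nContent-Length: 0\r\n\r\n"),
    ("192.0.2.10", b"GET /placeholder HTTP/1.1\r\nHost: sftp.example\r\n\r\n"),
    ("203.0.113.9", b"POST /placeholder HTTP/1.1\r\nHost: sftp.example\r\n\r\n"),
]

if __name__ == "__main__":
    for ip, req in SAMPLES:
        print(ip, decide(ip, req))
```

The header check matches on the name only, regardless of case or value, because the advisory as quoted says the service does not need this functionality at all.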
The Internet intelligence platform Shodan currently tracks over 12,000 Serv-U servers exposed online, while Internet security watchdog Shadowserver tracks just over 3,100. However, there is no information on how many have already been patched. CISA flagged the vulnerability as exploited in the wild and added it to the Known Exploited Vulnerabilities Catalog, ordering all Federal Civilian Executive Branch agencies to patch their servers against ongoing attacks by June 19.
While BOD 22-01 applies only to U.S. government agencies, CISA urged all network defenders, including the private sector, to secure their networks against ongoing CVE-2026-28318 attacks as soon as possible. This type of vulnerability is a frequent attack vector for malicious cyber actors and poses significant risks to the federal enterprise.
In recent years, multiple cybercrime and state-backed hacking groups have targeted vulnerabilities in Serv-U to steal sensitive corporate and customer data. For instance, the Clop ransomware gang exploited a Serv-U remote code execution vulnerability (CVE-2021-35211) to breach corporate networks in a 2021 campaign. DEV-0322 Chinese hackers also deployed CVE-2021-35211 exploits in zero-day attacks starting in July 2021.
More recently, in June 2024, cybersecurity companies GreyNoise and Rapid7 tagged a Serv-U path-traversal vulnerability (CVE-2024-28995) as actively exploited. Over the past several years, CISA has tagged 11 vulnerabilities across various SolarWinds products as actively exploited in attacks, one of which has also been abused by ransomware gangs.
CISA's warning comes at a time when cybersecurity is under greater scrutiny due to the increasing number of high-profile attacks on server-side software. This highlights the importance of keeping systems up-to-date with the latest security patches and taking proactive measures to secure networks against ongoing cyber threats.
In conclusion, this serves as a reminder to organizations that the exploitation of vulnerabilities like CVE-2026-28318 can have serious consequences for their operations and data. As such, immediate action should be taken to patch any exposed servers and implement robust security protocols to prevent future attacks.
Related Information:
https://www.ethicalhackingnews.com/articles/CISA-Warns-of-Active-Attacks-Exploiting-SolarWinds-Serv-U-Flaw-to-Crash-Servers-ehn.shtml
https://www.bleepingcomputer.com/news/security/cisa-hackers-now-exploit-solarwinds-serv-u-flaw-to-crash-servers/
https://nvd.nist.gov/vuln/detail/CVE-2021-35211
https://www.cvedetails.com/cve/CVE-2021-35211/
https://nvd.nist.gov/vuln/detail/CVE-2024-28995
https://www.cvedetails.com/cve/CVE-2024-28995/
https://nvd.nist.gov/vuln/detail/CVE-2026-28318
https://www.cvedetails.com/cve/CVE-2026-28318/
Published: Fri Jun 5 15:20:55 2026 by llama3.2 3B Q4_K_M