Homepage News Details
US Orders Fix for SolarWinds Serv-U Vulnerability by June 19
2026-06-15 14:58
Favorite

en.Wedoany.com Reported - The US Cybersecurity and Infrastructure Security Agency (CISA) has confirmed that attackers are exploiting a vulnerability (CVE-2026-28318) that can crash SolarWinds Serv-U file transfer servers. The agency has ordered US federal civilian agencies to remediate the vulnerability by June 19, 2026, either by installing a patch or implementing mitigation measures.

Serv-U Vulnerability CVE-2026-28318

CVE-2026-28318 is an uncontrolled resource consumption vulnerability that can be triggered by a remote unauthenticated attacker. The flaw exists in the way the Serv-U service processes HTTP POST requests containing a Content-Encoding: deflate header. By sending a specially crafted request, an attacker can force Serv-U to consume excessive resources, causing the service to crash and resulting in a denial of service condition. The vulnerability was disclosed by SolarWinds on June 3, following the release of Serv-U 15.5.4 Hotfix 1 to address the issue. SolarWinds stated that customers who have downloaded and installed Serv-U 15.5.4 should also download and install Serv-U 15.5.4 Hotfix 1. Alternatively, users can use a web application firewall to restrict server access to known addresses only and block POST requests containing content-encoding, as the service does not require this functionality.

A remote code execution vulnerability (CVE-2021-35211) affecting SolarWinds Serv-U software was previously exploited as a zero-day by suspected Chinese attackers for cyber espionage, and later by the Cl0p ransomware group. In 2022, an input validation vulnerability (CVE-2021-35247) was exploited in attacks related to Log4j. Two years ago, CVE-2024-28995 was also exploited by attackers. CISA has not yet provided details on the in-the-wild exploitation of CVE-2026-28318, and there is currently no indication that the vulnerability is being exploited by ransomware groups.

SolarWinds Serv-U is a self-hosted solution that allows organizations to securely transfer files over a network. It is commonly used by organizations in regulated industries and sectors such as healthcare, finance, and government, which require data sovereignty and audit trails. While attackers prefer vulnerabilities that can fully compromise a Serv-U deployment, denial of service vulnerabilities can be used to disrupt organizational operations or divert the attention of enterprise defenders from other covert activities.

This article is compiled by Wedoany. All AI citations must indicate the source as "Wedoany". If there is any infringement or other issues, please notify us promptly, and we will modify or delete it accordingly. Email: news@wedoany.com

America
Information and CommunicationInformation Security and Data Security Engineering
Previous:INX International Ink Co. Partners with Albert Invent to Accelerate AI-Driven Formulation Discovery
Next:Qilin Ransomware Exploits Check Point VPN Zero-Day Vulnerability to Attack Multiple Organizations
Related Products
Negotiable
Office Data Leakage Prevention Solution
Sangfor Technologies Inc.
Negotiable
Intelligent Operations and Maintenance Solutions
Chengdu Yunda Technology Co., Ltd.
Negotiable
Flat Portable Satellite Terminal 0.35m Aperture Manual Portable Terminal
China Starwin Science & Technology Co., Ltd.
Negotiable /Unit
Multi-function Marine Monitoring Low-altitude Detection Radar Sea-air Boundary Ocean Dynamic Environment Measurement
Chengdu Dixin Technology Co., Ltd.
Negotiable
GYTA Type Non-Self-Supporting Aerial/Duct Optical Cable
TONGDING INTERCONNECTION INFORMATION CO., LTD.
Negotiable
Intelligent Manufacturing
DONGFANG ELECTRIC CORPORATION
Negotiable /Set
Bolande Application Server Software V9.5
Beijing Baolande Software Corporation
Negotiable
Direct Burial Cable GYHTY53
ETERN GROUP COMPANY LIMITED
Negotiable
G.652.D Wavelength-extended Non-dispersion Shifted Single-mode Optical Fiber
HONGAN GROUP CO., LTD.
Negotiable /Set
GNSS
Kingmach Measurement & Monitoring Technology Co., Ltd.
Negotiable
Single-mode Fiber G.652B
SHENZHEN SDG INFORMATION CO., LTD.
Negotiable
Wireless LAN | AirEngine 5776-56T Access Point
Huawei
Related Recommendations
China's X Square Robot Open-Sources Robot-Free Data Collection Framework
2026-06-15
UK's Lacuna Space Develops LPWAN-Based Satellite IoT Technology
2026-06-15
China's Moonshot AI Kimi Credit Card Opens Pre-registration for AI-Native Credit Card
2026-06-15
China's AAEON Achieves IEC 62443-4-1 Certification to Secure Industrial AI Platforms
2026-06-15
China Shenzhen Zhongyi Group says robots will be commercially deployed at scale by 2026, having already served over 1.3 million units
2026-06-15
Western Australia to Establish AUD 10 Million AI Fund and Centre of Excellence
2026-06-15
HarmonyOS Open-Sources AI Stability Diagnosis Capability, Xiaohongshu Among First to Integrate
2026-06-15
Indonesia's Ganesha and Hengshenghuo Reach Preliminary Consensus on Southeast Asian Market Cooperation
2026-06-15
China's Dreame Eclix to Launch AI Phone
2026-06-15
Sunflower Launches Home PC Remote Private Cloud Solution
2026-06-15
Lastest Bulletin
1
China's First Drive Technology Unveils Channel Expansion Plan at South China Expo, Targeting 10,000 Stores
2
China's First Drive Technology Unveils Multiple AI-Powered Two-Wheeler New Models at South China Exhibition
3
Celanese Closes Ulsan Plant in South Korea, Transfers Capacity to China and India
4
India's Anupam Rasayan becomes world's first to produce ETFA via flow chemistry
5
Xytel India Strengthens Global Chemical Engineering with Modular Pilot Plants
6
Over 40 Lubricant Varieties from PetroChina Achieve Domestic Substitution
7
Lexus ES in Japan uses 35% recycled materials from Covestro, reducing emissions by 25%
8
University of Nottingham Catalyst Simultaneously Converts CO₂ and Biowaste with 93% and 95% Efficiency
9
American Chemistry Council Forecasts Only 0.5% Growth in Chemical Production in 2026
10
BASF's Tinosorb S Receives FDA Approval, First New Sunscreen Ingredient in the US in 27 Years