CISA Adds Actively Exploited SolarWinds Serv-U DoS Flaw (CVE-2026-28318) to Known Exploited Vulnerabilities Catalog

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a high-severity denial-of-service (DoS) vulnerability, CVE-2026-28318, affecting SolarWinds Serv-U multi-protocol file server software to its Known Exploited Vulnerabilities (KEV) catalog. CISA confirmed active exploitation of this flaw, which allows threat actors to remotely crash file transfer servers without authentication. Organizations using SolarWinds Serv-U are urged to address this uncontrolled resource consumption flaw (CWE-400).