VulnerabilityBleeping Computer
10.0 — CRITICAL
CISA: Hackers now exploit SolarWinds Serv-U flaw to crash servers
CISA warned today that hackers are now actively exploiting a recently patched high-severity SolarWinds Serv-U flaw to crash servers. [...]
🤖 AI BriefingAuto-generated threat analysis
🔍Threat Overview
Hackers are exploiting the recently patched SolarWinds Serv-U flaw (CVE-2026-28318) to crash servers, with over 12,000 Serv-U servers exposed online and no information on how many have been patched.
⚙️Technical Details
Affected Systems
Solarwinds Serv-U
Attack Vectors
NETWORK
💥Impact Assessment
Severity: HIGH
🛡️Recommended Actions
1Apply mitigations per vendor instructions
2Follow applicable BOD 22-01 guidance for cloud services
3Discontinue use of Serv-U if mitigations are unavailable
📦Affected Products
Solarwinds Serv-U
🔐NVD Verified DataVERIFIED
CVE-2026-28318 ↗CVSS 7.5 — HIGH
Attack Vector
NETWORK
Complexity
LOW
Vector String
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HWeaknesses
CWE-400
Affected Products (CPE)
Solarwinds Serv-U
CVE-2021-35211 ↗CVSS 10 — CRITICAL
Attack Vector
NETWORK
Complexity
LOW
Vector String
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:HWeaknesses
CWE-787
Affected Products (CPE)
Solarwinds Serv-U
Patches & References
🔧 https://www.microsoft.com/security/blog/2021/07/13/microsoft-discovers…🔧 https://www.solarwinds.com/trust-center/security-advisories/cve-2021-3…🔧 https://www.microsoft.com/security/blog/2021/07/13/microsoft-discovers…📋 https://www.microsoft.com/security/blog/2021/07/13/microsoft-discovers…📋 https://www.solarwinds.com/trust-center/security-advisories/cve-2021-3…📋 https://www.microsoft.com/security/blog/2021/07/13/microsoft-discovers…
CVE-2024-28995 ↗CVSS 7.5 — HIGH
Attack Vector
NETWORK
Complexity
LOW
Vector String
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NWeaknesses
CWE-22
Affected Products (CPE)
Solarwinds Serv-U
Read the full article
This is a curated summary. The complete article is available at Bleeping Computer.