CISA Add to the KEV Catalog A False Not Serv-U Active

The US Department of Secret Systems CISA has added a serious vulnerability of SolarWinds Serv-U software to its catalogue of known vulnerabilities (KEV). The U.S. Cyber Security Agency cited evidence of active exploitation, which could cause recurring breakdowns.

Vulnerability CVE-2026-28318, at a CVSS score of 7.5, is a DoS security fault (service crash). This means that the Serv-U platform could be stopped under certain specific conditions.

CISA mentioned that this vulnerability had been detected and was currently under investigation. The source also indicates that the problem was not immediately reported to the software community, which may explain why it was not included in previous updates.

Experts recommend updating Serv-U quickly to avoid potential attack. The service must be installed on a secure web application and protected by tools such as Apache Tomcat or IIS, as well as on a powerful antivirus system.

Source: The Hacker News. IA-assisted editorial summary — TechnoExpress.

CISA Add to the KEV Catalog A False Not Serv-U Active

Essential tech, every morning