06 June 2026
Reference: CVE-2026-28318
1. What is being reported?
The SolarWinds Serv-U software has a weakness where specially crafted internet requests can cause the service to stop working unexpectedly. This can happen without anyone needing to log in or authenticate, making it easier for attackers to cause problems.
2. What this means in plain English
If your organisation uses SolarWinds Serv-U, attackers could deliberately crash the service, causing interruptions to file transfers or other functions it supports. This could impact your business operations and potentially lead to lost productivity or data access issues.
3. Could this affect a small business?
Small businesses or charities using SolarWinds Serv-U are at risk from this vulnerability. If you do not use this software, or if it is not exposed to the internet, you are unlikely to be affected. Check with your IT provider if you are unsure whether you use this product.
4. What to do now
- Contact your IT provider or software supplier immediately to check if you use SolarWinds Serv-U.
- If you do use it, ask about applying the latest updates or patches provided by SolarWinds to fix this issue.
- If updates cannot be applied quickly, follow any mitigation steps recommended by SolarWinds to protect your system.
- Consider temporarily discontinuing use of the product if no fixes or mitigations are available.
5. Ask your IT provider
Can you confirm if we use SolarWinds Serv-U software, and if so, have the latest security updates or mitigations for CVE-2026-28318 been applied to protect us from service crashes?
6. Bottom line
If you use SolarWinds Serv-U, act quickly to update or secure it to avoid service disruption from this actively exploited vulnerability.
Information based on CISA KEV, NVD, and reputable security news reports.