Hackers now exploit #SolarWinds #ServU flaw to crash servers

https://www.bleepingcomputer.com/news/security/cisa-hackers-now-exploit-solarwinds-serv-u-flaw-to-crash-servers/

#cybersecurity

CISA Flags SolarWinds Serv-U Flaw as Actively Exploited

A critical flaw in SolarWinds Serv-U is being actively exploited, allowing attackers to crash the service with a specially crafted POST request - no authentication required. This denial-of-service vulnerability, tracked as CVE-2026-28318, can be triggered by a simple HTTP POST request with a malicious Content-Encoding header.

https://osintsights.com/cisa-flags-solarwinds-serv-u-flaw-as-actively-exploited?utm_source=mastodon&utm_medium=social

#Solarwinds #Servu #Cve202628318 #DenialOfService #Contentencoding

Hackers Actively Exploit SolarWinds Serv-U Flaw to Crash Servers

SolarWinds has issued an emergency hotfix to address a critical flaw in its Serv-U file transfer product, which hackers are actively exploiting to crash servers with specially crafted POST requests. A denial-of-service vulnerability, tracked as CVE-2026-28318, can be triggered without authentication, posing a significant threat to…

https://osintsights.com/hackers-actively-exploit-solarwinds-serv-u-flaw-to-crash-servers?utm_source=mastodon&utm_medium=social

#Cve202628318 #Solarwinds #Servu #DenialOfService #ManagedFileTransfer

Security researchers reveal they have observed #activeexploitation against vulnerability in #SolarWinds #ServU

The vulnerability is tracked as CVE-2024-28995, and when exploited, allows an attacker to read sensitive files on the system. Researchers have released proof-of-concept exploits, and widespread exploitation came soon after.

Administrators are advised to patch ASAP

#cybersecurity

https://www.bleepingcomputer.com/news/security/solarwinds-serv-u-path-traversal-flaw-actively-exploited-in-attacks/