High-Severity Vulnerability in SolarWinds Serv-U
9 June 2026
Attackers are exploiting a vulnerability in SolarWinds Serv-U to crash the file transfer service without authentication, causing a denial-of-service condition. Patch immediately.
Background
SolarWinds has released a security update to address an uncontrolled resource consumption vulnerability (CVE-2026-28318) affecting SolarWinds Serv-U. This vulnerability has a Common Vulnerability Scoring System (CVSS v3.1) score of 7.5 out of 10.
Impact
Due to improper handling of specially crafted POST requests using the Content-Encoding: deflate header, successful exploitation of this vulnerability could allow an unauthenticated remote attacker to crash the Serv-U service, resulting in a denial-of-service condition.
Known Exploitation
This vulnerability is being actively exploited in the wild.
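To help triage while patching, logs can be searched for the request pattern described under Impact: a POST request carrying Content-Encoding: deflate. The script below is an added example, not SolarWinds code and not part of the original advisory. It assumes a hypothetical reverse proxy in front of Serv-U that writes JSON-lines records with `src`, `method` and `headers` fields; the sample records are constructed.

```python
import json
from collections import Counter

# Constructed sample: JSON-lines records from a hypothetical reverse proxy
# in front of Serv-U that logs selected request headers (assumed format).
SAMPLE_LOG = """\
{"ts":"2026-06-08T10:01:02Z","src":"198.51.100.7","method":"POST","path":"/","headers":{"Content-Encoding":"deflate","Content-Length":"412"}}
{"ts":"2026-06-08T10:01:03Z","src":"198.51.100.7","method":"POST","path":"/","headers":{"content-encoding":"gzip, Deflate"}}
{"ts":"2026-06-08T10:02:10Z","src":"203.0.113.20","method":"GET","path":"/","headers":{"Content-Encoding":"deflate"}}
{"ts":"2026-06-08T10:03:44Z","src":"203.0.113.20","method":"POST","path":"/login","headers":{"Content-Type":"application/json"}}
not-json garbage line
"""

def content_codings(headers):
    """Lower-cased codings from Content-Encoding; header names are case-insensitive."""
    codings = []
    for name, value in headers.items():
        if name.lower() == "content-encoding":
            # The header may list several codings separated by commas.
            codings += [c.strip().lower() for c in str(value).split(",") if c.strip()]
    return codings

def find_deflate_posts(log_text):
    """Return (hits, skipped): POST records declaring deflate, and unparseable line count."""
    hits, skipped = [], 0
    for line in log_text.splitlines():
        if not line.strip():
            continue
        try:
            rec = json.loads(line)
            method = rec["method"].upper()
            headers = dict(rec.get("headers") or {})
        except (ValueError, KeyError, AttributeError, TypeError):
            skipped += 1  # count bad lines instead of silently dropping them
            continue
        if method == "POST" and "deflate" in content_codings(headers):
            hits.append(rec)
    return hits, skipped

def hits_by_source(hits):
    """Count matching requests per source address to show repeat senders."""
    return Counter(rec.get("src", "unknown") for rec in hits)

if __name__ == "__main__":
    hits, skipped = find_deflate_posts(SAMPLE_LOG)
    for src, n in hits_by_source(hits).most_common():
        print(f"{src}: {n} POST request(s) with Content-Encoding: deflate")
    print(f"{skipped} line(s) skipped as unparseable")
```

A match is a lead for review rather than proof of an exploitation attempt; correlate hits with Serv-U service crashes or restarts at the same timestamps.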
Affected Products
This vulnerability affects SolarWinds Serv-U versions 15.5.4 and earlier.
Recommendations
Users and administrators of affected products are advised to update to SolarWinds Serv-U 15.5.4 Hotfix 1 immediately.
References
https://www.solarwinds.com/trust-center/security-advisories/cve-2026-28318
https://nvd.nist.gov/vuln/detail/CVE-2026-28318
https://thehackernews.com/2026/06/cisa-adds-actively-exploited-solarwinds.html
